Why use Servlets & JSPs

Web applications are hot. How many GUI apps do you know that are used by 
millions of users worldwide? As a web app developer, you can free yourself from the grip 
of deployment problems all standalone apps have, and deliver your app to anyone with a 
browser. But you need servlets and JSPs. Because plain old static HTML pages are so, 
well, 1999. Learn to move from web site to web app. 



Exam objectives 

What web servers and clients do, and how they talk? 

Two-minute guide to HTML 
What is the HTTP protocol? 

Anatomy of HTTP GET and POST requests and HTTP responses 
Locating web pages using URLs 
Web servers, static web pages, and CGI 
Servlets Demystified: write, deploy, and run a servlet 
JSP is what happened when somebody introduced Java to HTML 
Web app architecture

Servlets need help. When a request comes in, somebody has to instantiate 
the servlet or at least allocate a thread to handle the request. Somebody has to call the 
servlet’s doPost() or doGet() method. Somebody has to get the request and the response 
to the servlet. Somebody has to manage the life, death, and resources of the servlet. In 
this chapter, we’ll look at the Container, and we’ll take a first look at the MVC pattern. 



Exam Objectives 

What is a Container and what does it give you? 

How it looks in code (and what makes a servlet) 

Naming servlets and mapping them to URLs using the DD 
Story: Bob Builds a Matchmaking Site (and MVC intro) 

A Model-View-Controller (MVC) overview and example 
A “working” Deployment Descriptor (DD) 

How J2EE fits into all this
Tomcat-specific

This directory name also represents the "context root" which Tomcat
uses when resolving URLs. We’ll explore this concept in great detail
in the deployment chapter.

Part of the Servlets spec



Mini MVC tutorial 

Create and deploy an MVC web app. It’s time to get your hands dirty 
writing an HTML form, a servlet controller, a model (plain old Java class), an XML 
deployment descriptor, and a JSP view. Time to build it, deploy it, and test it. But first, you 
need to set up your development environment. Next, you need to set up your deployment 
environment following the servlet and JSP specs and Tomcat requirements. True, this is a 
small app... but there’s almost NO app that’s too small to use MVC. 



This package structure is exactly what we used in the development environment.
Unless you're deploying your classes in a JAR (we'll talk about that later in
the book), then you MUST put the package directory structure immediately under
WEB-INF/classes.


Exam Objectives 

Let’s build an MVC application; the first design 
Create the development and deployment environments 
Create and test the HTML for the initial form page 
Create the Deployment Descriptor (DD) 

Create, compile, deploy, and test the controller servlet 
Design, build, and test the model component 
Enhance the controller to call the model 
Create and deploy the view component (it’s a JSP) 
Enhance the controller servlet to call the JSP 
Idempotency is nothing to be ashamed of...


Being a Servlet 

A servlet’s job is to take a client’s request
and send back a response. The request might be simple: “get me the Welcome page.” Or 
it might be complex: “Complete my shopping cart check-out.” The request carries crucial 
data, and your servlet code has to know how to find it and how to use it. And your servlet 
code has to know how to send a response. Or not... 




Client 


NOT Idempotent 


Servlet uses the POST 
data to update the 
database. 


Exam Objectives 
A servlet’s life in the Container 
Servlet initialization and threads 

A Servlet’s REAL job is to handle GET and POST requests. 
The story of the non-idempotent request 
What determines whether you get a GET or POST request? 
Sending and using parameter(s) 

So that’s the Request... now let’s see the Response 
You can set response headers, you can add response headers 
Servlet redirect vs. request dispatcher 
Review: HttpServletResponse 
Being a web app

No servlet stands alone. In today’s modern web app, many components 
work together to accomplish a goal. You have models, controllers, and views. You have 
parameters and attributes. You have helper classes. But how do you tie the pieces 
together? How do you let components share information? How do you hide information? 
How do you make information thread-safe? Your job may depend on the answers.




Exam Objectives 

Init Parameters and ServletConfig to the rescue 
How can a JSP get servlet init parameters? 

Context init parameters to the rescue 

Comparing ServletConfig with ServletContext 

She wants a ServletContextListener 

Tutorial: a simple ServletContextListener 

Compile, deploy, and test your listener 

The full story, a ServletContextListener review 

Eight Listeners: they’re not just for context events... 

What, exactly, is an attribute? 

The Attribute API and the dark side of attributes 
Context scope isn’t thread-safe! 

The problem in slow motion... 

Trying out Synchronization 
Are Session attributes thread-safe? 

The SingleThreadModel 

Only Request attributes and local variables are thread-safe! 
Request attributes and Request dispatching 
Conversational state

Web servers have no short-term memory. As soon as they send you 
a response, they forget who you are. The next time you make a request, they don’t 
recognize you. They don’t remember what you’ve requested in the past, and they don’t 
remember what they’ve sent you in response. Nothing. But sometimes you need to keep 
conversational state with the client across multiple requests. A shopping cart wouldn’t 
work if the client had to make all his choices and then checkout in a single request. 



Exam Objectives 

It’s supposed to be a conversation, (how sessions work) 

Session IDs, cookies, and other session basics 

URL rewriting: something to fall back on 

When sessions get stale; getting rid of bad sessions 

Can I use cookies for other things, or are they only for sessions? 

Key milestones for an HttpSession 

Don’t forget about HttpSessionBindingListener 

Session migration 

Listener examples 
Being a JSP

A JSP becomes a servlet. A servlet that you don’t create. The Container looks 
at your JSP, translates it into Java source code, and compiles it into a full-fledged Java 
servlet class. But you’ve got to know what happens when the code you write in the JSP 
is turned into Java code. You can write Java code in your JSP, but should you? And if 
not Java code, what do you write? How does it translate into Java code? We’ll look at 
six different kinds of JSP elements—each with its own purpose and, yes, unique syntax. 
You’ll learn how, why, and what to write in your JSP. And you’ll learn what not to write. 



Exam Objectives 

Create a simple JSP using “out” and a page directive 
JSP expressions, variables, and declarations 
Time to see a JSP-generated servlet
The out variable isn’t the only implicit object... 

The Lifecycle and initialization of a JSP 

While we’re on the subject... let’s talk more about the three directives 
Scriptlets considered harmful? Here’s EL 
But wait... we haven’t seen: actions 
Script-free pages

Lose the scripting. Do your web page designers really have to know Java?
Do they expect server-side Java programmers to be, say, graphic designers? And even
if it’s just you on the team, do you really want a pile of bits and pieces of Java code in
your JSPs? Can you say, “maintenance nightmare”? Writing scriptless pages is not just
possible, it’s become much easier and more flexible with the new JSP 2.0 spec, thanks
to the new Expression Language (EL). Patterned after JavaScript and XPATH, web
designers feel right at home with EL, and you’ll like it too (once you get used to it). But
there are some traps... EL looks like Java, but isn’t. Sometimes EL behaves differently
than if you used the same syntax in Java, so pay attention!

Don't expect ME to strip out your redundant opening and closing tags.



The Header file (“Header.jsp”)

Note: this idea of stripping out the opening and closing tags applies to BOTH
include mechanisms: <jsp:include> and the include directive.


Exam Objectives 
When attributes are beans 

Standard actions: useBean, getProperty, setProperty 
Can you make polymorphic bean references? 

The param attribute to the rescue 

Converting properties 

Expression Language (EL) saves the day! 

Using the dot (.) operator to access properties and map values 
The [] gives you more options (Lists, arrays...) 

More dot and [ ] operator details 
The EL implicit objects 
EL functions, and handling “null” 

Reusable template pieces—two kinds of “include” 

The <jsp:forward /> standard action 

She doesn’t know about JSTL tags (a preview) 

Reviewing standard actions and include 
Custom tags are powerful

Sometimes you need more than EL or standard actions. What if
you want to loop through the data in an array, and display one item per row in an HTML
table? You know you could write that in two seconds using a for loop in a scriptlet. But 
you’re trying to get away from scripting. No problem. When EL and standard actions 
aren’t enough, you can use custom tags. They’re as easy to use in a JSP as standard 
actions. Even better, someone’s already written a pile of the ones you’re most likely to 
need, and bundled them into the JSP Standard Tag Library (JSTL). In this chapter we’ll 
learn to use custom tags, and in the next chapter we’ll learn to create our own. 


<table>
  <%-- outer loop: one listElement per entry in ${movies} --%>
  <c:forEach var="listElement" items="${movies}" >
    <%-- inner loop: one table row per movie in the current listElement --%>
    <c:forEach var="movie" items="${listElement}" >
      <tr>
        <td>${movie}</td>
      </tr>
    </c:forEach>
  </c:forEach>
</table>

Matrix Revolutions
Kill Bill

Boondock Saints
Amelie

Return of the King
Mean Girls


Exam Objectives 

Looping without scripting <c:forEach> 

Conditional control with <c:if> and <c:choose>

Using the <c:set> and <c:remove> tags 

With <c:import>, there are now three ways to include content 

Customizing the thing you include 

Doing the same thing with <c:param> 

<c:url> for all your hyperlink needs 
Make your own error pages 
The <c:catch> tag. Like try/catch ...sort of 
What if you need a tag that’s NOT in JSTL? 

Pay attention to <rtexprvalue> 

What can be in a tag body 

The tag handler, the TLD, and the JSP 

The taglib <uri> is just a name, not a location 

When a JSP uses more than one tag library 
When even JSTL isn’t enough...

Sometimes JSTL and standard actions aren’t enough. When you
need something custom, and you don’t want to go back to scripting, you can write your
own tag handlers. That way, your page designers can use your tag in their pages, while 
all the hard work is done behind the scenes in your tag handler class. But there are three 
different ways to build your own tag handlers, so there’s a lot to learn. Of the three, two 
were introduced with JSP 2.0 to make your life easier (Simple Tags and Tag Files). 



But why? 
why didn't you 
tell him you 
could do it? 


I didn't know about 
custom tags... I thought I was 
stuck with only JSTL, and nothing 
in JSTL could do what the manager 
wanted. Oh if only I'd known I 
could build my own... but it's too 
late for me. Learn this and... 
save yourself... 
Tag Files: like include, only better

Where the Container looks for Tag Files 

Simple tag handlers 

A Simple tag with a body 

What if the tag body uses an expression? 

You still have to know about Classic tag handlers 

A very small Classic tag handler 

The Classic lifecycle depends on return values 

IterationTag lets you repeat the body 

Default return values from TagSupport 

The DynamicAttributes interface 

With BodyTag, you get two new methods 

What if you have tags that work together? 

Using the PageContext API for tag handlers 
Deploying your web app

Finally, your web app is ready for prime time. Your pages are
polished, your code is tested and tuned, and your deadline was two weeks ago. But
where does everything go? So many directories, so many rules. What do you name your
directories? What does the client think they’re named? What does the client actually
request, and how does the Container know where to look?



Reference to a remote bean 



Exam Objectives 


Key deployment task, what goes where? 
Upon getting the request, the Container calls Filter3's doFilter() method,
which runs until it encounters its chain.doFilter() call.



Keep it secret, keep it safe 

Your web app is in danger. Trouble lurks in every corner of the network. You
don’t want the Bad Guys listening in to your online store transactions, picking off credit
card numbers. You don’t want the Bad Guys convincing your server that they’re actually
the Special Customers Who Get Big Discounts. And you don’t want anyone (good OR
bad) looking at sensitive employee data. Does Jim in marketing really need to know that
Lisa in engineering makes three times as much as he does?


[Figure: "Top Ten Reasons to do your security declaratively"; legible entries include "It’s on the exam." and "(4) It’s just cool."]

Exam Objectives 

The Big 4 in servlet security 

How to Authenticate in HTTP World 

Top Ten Reasons to do your security declaratively 

Who implements security in a web app? 

Authorization roles and constraints 

Authentication: four flavors 

The FOUR authentication types 

Securing data in transit: HTTPS to the rescue 

Data confidentiality and integrity sparingly and declaratively 





The power of filters 

Filters let you intercept the request. And if you can intercept the request,
you can also control the response. And best of all, the servlet remains clueless. It never
knows that someone stepped in between the client request and the Container’s invocation
of the servlet’s service() method. What does that mean to you? More vacations. Because
the time you would have spent rewriting just one of your servlets can be spent instead
writing and configuring a filter that has the ability to affect all of your servlets. Want to add
user request tracking to every servlet in your app? No problem. Manipulate the output
from every servlet in your app? No problem. And you don’t even have to touch the servlet.



The Container pushes Filter7's doFilter() method on the top of the stack - where it
executes until it reaches its chain.doFilter() call.

The Container pushes ServletA's service() method on the top of the stack where it
executes to completion, and is then popped off the stack.

The Container returns control to Filter7, where its doFilter() method completes and is
then popped off.

The Container returns control to Filter3, where its doFilter() method completes, and is
popped off. Then the Container completes the response.
Enterprise design patterns

Someone has done this already. If you’re just starting to develop web 
applications in Java, you’re lucky. You get to exploit the collective wisdom of the tens 
of thousands of developers who’ve been down that road and got the t-shirt. Using both 
J2EE-specific and other design patterns, you can simplify your code and your life.
And the most significant design pattern for web apps, MVC, even has a wildly popular 
framework, Struts, that’ll help you craft a flexible, maintainable servlet Front Controller. 
You owe it to yourself to take advantage of everyone else’s work so that you can spend 
more time on the more important things in life... 


Struts in a 
nutshell 
how to use this book


Who is this book for?

If you can answer “yes” to all of these:

(1) Do you know how to program in Java (you don't need
to be a guru)?

(2) Do you like to tinker - do you learn by doing rather
than just reading? Do you want to learn, understand,
and remember servlets and JSPs, and pass the
SCWCD for Java EE 1.5 exam?

(3) Do you prefer stimulating dinner party conversation
to dry, dull academic lectures?

this book is for you.


Who should probably back away from this book?

If you can answer “yes” to any of these:

(1) Are you completely new to Java? You don't need to
be an advanced programmer, but if you don't have any
experience, go pick up a copy of Head First Java right
now and then come back to this book.

(2) Are you a kick-butt Java programmer looking for a
reference book?

(3) Are you a Java EE veteran looking for ultra-advanced
server techniques, server-specific how-to's, enterprise
architecture, and complex, robust real-world code?

(4) Are you afraid to try something different? Would
you rather have a root canal than mix stripes with
plaid? Do you believe that a technical book can't be
serious if Java components are anthropomorphized?

this book is not for you.


[Note from marketing: this book is for anyone with a ...]

We know what you're thinking.

“How can this be a serious programming book?”

“What's with all the graphics?”

“Can I actually learn it this way?”


And we know what your brain is thinking.

Your brain craves novelty. It's always searching, scanning, waiting for
something unusual. It was built that way, and it helps you stay alive.

So what does your brain do with all the routine, ordinary, normal things
you encounter? Everything it can to stop them from interfering with the
brain’s real job: recording things that matter. It doesn't bother saving
the boring things; they never make it past the "this is obviously not
important" filter.

How does your brain know what’s important? Suppose you’re out for
a day hike and a tiger jumps in front of you, what happens inside your
head and body?

Neurons fire. Emotions crank up. Chemicals surge.

And that’s how your brain knows...

This must be important! Don’t forget it!

But imagine you’re at home, or in a library. It's a safe, warm, tiger-free zone.
You're studying. Getting ready for an exam. Or trying to learn some
tough technical topic your boss thinks will take a week, ten days at
the most.

Just one problem. Your brain's trying to do you a big favor. It's trying
to make sure that this obviously non-important content doesn’t clutter
up scarce resources. Resources that are better spent storing the really
big things. Like tigers. Like the danger of fire. Like how you should
never again snowboard in shorts.

And there’s no simple way to tell your brain, "Hey brain, thank you
very much, but no matter how dull this book is, and how little I’m
registering on the emotional Richter scale right now, I really do want
you to keep this stuff around."


Great. Only 800 more dull, dry, boring pages.
So what does it take to learn something, and to make sure you don’t forget it?
Based on research in biology and educational psychology, we know what turns your
brain on.

Some of the Head First learning principles:

Use a conversational and personalized style. In recent studies, students performed
better on post-learning tests when the content used a first-person, conversational
style. Which would you pay more attention to: a stimulating dinner party companion,
or a lecture?

"It really sucks to be an abstract method. You don't have a body."

Get the learner to think more deeply. In other words, unless you actively flex your
neurons, nothing much happens in your head. A reader has to be motivated, engaged,
and curious to solve problems and draw conclusions, and that takes challenges,
exercises, and thought-provoking questions.

Get and keep the reader’s attention. Your brain pays attention to things that are
out of the ordinary, interesting, strange, eye-catching, unexpected. Learning a new,
tough, technical topic doesn't have to be boring. Your brain will learn much more
quickly if it's not.

Touch their emotions. Your ability to remember something is largely dependent on
its emotional content.
Metacognition: thinking about thinking


If you really want to learn, and you want to learn more quickly and more deeply,
pay attention to how you pay attention. Think about how you think. Learn how you
learn.

Most of us did not take courses on metacognition or learning theory when we were
growing up. We were expected to learn, but rarely taught to learn.

But we assume that if you're holding this book, you really want to learn how to build
web applications in Java, and pass the SCWCD exam. And you probably don't want
to spend a lot of time. If you want to use what you read in this book, you need to
remember what you read. And for that, you've got to understand it. To get the most from
this book, or any book or learning experience, take responsibility for your brain. Your
brain on this content.

The trick is to get your brain to see the new material you're learning
as Really Important. Crucial to your well-being. As important as
a tiger. Otherwise, you're in for a constant battle, with your brain
doing its best to keep the new content from sticking.

So just how DO you get your brain to treat
servlets like it’s a hungry tiger?

There’s the slow, tedious way, or the faster, more effective way.

The slow way is about sheer repetition. You obviously know that
you are able to learn and remember even the dullest of topics
if you keep pounding the same thing into your brain. With enough
repetition, your brain says, “This doesn't feel important to him, but he keeps looking at
the same thing over and over and over, so I suppose it must be."

The faster way is to do anything that increases brain activity, especially different
types of brain activity. The things on the previous page are a big part of the solution,
and they're all things that have been proven to help your brain work in your favor. For
example, studies show that putting words within the pictures they describe (as opposed to
somewhere else in the page, like a caption or in the body text) causes your brain to try to
make sense of how the words and picture relate, and this causes more neurons to fire.
More neurons firing = more chances for your brain to get that this is something worth
paying attention to, and possibly recording.

A conversational style helps because people tend to pay more attention when they
perceive that they're in a conversation, since they're expected to follow along and hold up
their end. The amazing thing is, your brain doesn’t necessarily care that the “conversation”
is between you and a book! On the other hand, if the writing style is formal and dry, your
brain perceives it the same way you experience being lectured to while sitting in a roomful
of passive attendees. No need to stay awake.

But pictures and conversational style are just the beginning.
Here's what WE did:


We used pictures, because your brain is tuned for visuals, not text. As far as your brain's
concerned, a picture really is worth a thousand words. And when text and pictures work
together, we embedded the text in the pictures because your brain works more effectively
when the text is within the thing the text refers to, as opposed to in a caption or buried in the
text somewhere.

We used redundancy, saying the same thing in different ways and with different media types,
and multiple senses, to increase the chance that the content gets coded into more than one area
of your brain.

We used concepts and pictures in unexpected ways because your brain is tuned for
novelty, and we used pictures and ideas with at least some emotional content, because your
brain is tuned to pay attention to the biochemistry of emotions. That which causes you to
feel something is more likely to be remembered, even if that feeling is nothing more than a
little humor, surprise, or interest.

We used a personalized, conversational style, because your brain is tuned to pay
more attention when it believes you’re in a conversation than if it thinks you’re passively
listening to a presentation. Your brain does this even when you’re reading.

We included more than 40 activities, because your brain is tuned to learn and remember
more when you do things than when you read about things. And we made the exercises
challenging-yet-do-able, because that’s what most people prefer.

We used multiple learning styles, because you might prefer step-by-step procedures, while
someone else wants to understand the big picture first, and someone else just wants to see
an example. But regardless of your own learning preference, everyone benefits from seeing the
same content represented in multiple ways.

We include content for both sides of your brain, because the more of your brain you
engage, the more likely you are to learn and remember, and the longer you can stay focused.
Since working one side of the brain often means giving the other side a chance to rest, you
can be more productive at learning for a longer period of time.

And we included stories and exercises that present more than one point of view,
because your brain is tuned to learn more deeply when it’s forced to make evaluations and
judgments.

We included challenges, with exercises, and by asking questions that don't always have
a straight answer, because your brain is tuned to learn and remember when it has to work at
something. Think about it: you can’t get your body in shape just by watching people at the
gym. But we did our best to make sure that when you're working hard, it’s on the right things.
That you're not spending one extra dendrite processing a hard-to-understand example,
or parsing difficult, jargon-laden, or overly terse text.

We used people. In stories, examples, pictures, etc., because, well, because you're a person.
And your brain pays more attention to people than it does to things.

We used an 80/20 approach. We assume that if you’re going for a PhD in JSPs, this won’t be
your only book. So we don’t talk about everything... just the stuff you'll actually need.
Here's what YOU can do to bend
your brain into submission

So, we did our part. The rest is up to you. These tips are a
starting point; listen to your brain and figure out what works
for you and what doesn't. Try new things.

Cut this out and stick it on your refrigerator.


(1) Slow down. The more you understand,
the less you have to memorize.

Don’t just read. Stop and think. When the
book asks you a question, don't just skip to the
answer. Imagine that someone really is asking
the question. The more deeply you force your
brain to think, the better chance you have of
learning and remembering.

(2) Do the exercises. Write your own notes.

We put them in, but if we did them for you,
that would be like having someone else do
your workouts for you. And don’t just look at
the exercises. Use a pencil. There's plenty of
evidence that physical activity while learning
can increase the learning.

(3) Read the “There are No Dumb Questions”

That means all of them. They're not optional
sidebars; they're part of the core content!
Don’t skip them.

(4) Make this the last thing you read before
bed. Or at least the last challenging thing.

Part of the learning (especially the transfer to
long-term memory) happens after you put the
book down. Your brain needs time on its own, to
do more processing. If you put in something new
during that processing time, some of what you
just learned will be lost.

(5) Drink water. Lots of it.

Your brain works best in a nice bath of fluid.
Dehydration (which can happen before you ever
feel thirsty) decreases cognitive function.

(6) Talk about it. Out loud.

Speaking activates a different part of the brain.
If you’re trying to understand something, or
increase your chance of remembering it later, say
it out loud. Better still, try to explain it out loud
to someone else. You’ll learn more quickly, and
you might uncover ideas you hadn’t known were
there when you were reading about it.

(7) Listen to your brain.

Pay attention to whether your brain is getting
overloaded. If you find yourself starting to skim
the surface or forget what you just read, it's time
for a break. Once you go past a certain point, you
won't learn faster by trying to shove more in, and
you might even hurt the process.

(8) Feel something.

Your brain needs to know that this matters. Get
involved with the stories. Make up your own
captions for the photos. Groaning over a bad joke
is still better than feeling nothing at all.

(9) Take the final Coffee Cram mock exam
only AFTER you finish the book.

If you take the exam too soon, you won’t get a
clear picture of how ready you are for the exam.
Wait until you think you're close to ready, and then
take the exam. And be sure you only give yourself
180 minutes, the length of time you’ll have to
take the real SCWCD exam.
What you need for this book: 

Besides your brain and a pencil, you need Java, Tomcat 5, and a 
computer. 

You do not need any other development tool, such as an Integrated Development 
Environment (IDE). We strongly recommend that you not use anything but a 
basic editor until you complete this book. A servlet/JSP-aware IDE can protect 
you from some of the details that really matter (and that you'll be tested on), so 
you're much better off developing the bean code completely by hand. Once you 
really understand what's happening, you can move to a tool that automates some 
of the servlet/JSP creation and deployment steps. If you already know how to 
use Ant, then after chapter 3, you can switch to using it to help you deploy, but 
we don't recommend using Ant until after you've completely memorized the 
web app deployment structure. 

-GETTING TOMCAT- 

■ If you don't already have Java SE v1.5 or greater, you'll need it. 

■ If you don't already have Tomcat 5, go get it from 

http://tomcat.apache.org/ 

Select "Tomcat v5.5" in the Downloads menu on the left side of the home page. 

■ Scroll down to the "Binary Distributions" section and download the version of your 
choice. If you do not know, then select the "Core" distribution; it is all you need. 

■ Save the installation file in a temporary directory. 

■ Install Tomcat. 

For Windows, that means double-clicking the install exe file and following the 
installer wizard instructions. 

For the others, unpack the install file into the place on your hard drive where you 
want Tomcat to be. 

■ To make it easier to follow the book instructions, name the Tomcat home directory 
"tomcat" (or set up a "tomcat" alias to the real Tomcat home). 

■ Set environment variables for JAVA_HOME and TOMCAT_HOME, in whatever 
way you normally set them for your system. 

■ You should have a copy of the specs, although you do not need them in order to 
pass the exam. At the time of this writing, the specs are at: 

Servlet 2.4 (JSR #154) http://jcp.org/en/jsr/detail?id=154 
JSP 2.0 (JSR #152) http://jcp.org/en/jsr/detail?id=152 
JSTL 1.1 (JSR #52) http://jcp.org/en/jsr/detail?id=52 

Go to the JSR page and click on the Download Page for the final release. 

■ Test Tomcat by launching the tomcat/bin/startup script (which is startup.sh for 
Linux/Unix/OS X). Point your browser to 

http://localhost:8080/ and you'll see the Tomcat welcome page. 

Java 2 Standard Edition 1.5 
Tomcat 5 

The exam covers the 
following specs: 

■ Servlets 2.4 

■ JSP 2.0 

■ JSTL 1.1 
Last-minute things you need to know: 

This is a learning experience, not a reference book. We deliberately stripped out 
everything that might get in the way of learning whatever it is we're working on at that 
point in the book. And the first time through, you need to begin at the beginning, 
because the book makes assumptions about what you've already seen and learned. 

We use simple UML-like diagrams. 

Although there's a good chance you already know UML, it's not covered on the exam, 
and it's not a prerequisite for the book. So you won't have to worry about learning 
servlets, JSP, JSTL, and UML at the same time. 

We don't cover every single picky detail from the spec. 

The exam is pretty detailed, though, and so are we. But if there's a detail in the spec 
that's not covered in the exam, we don't talk about it unless it's important to most 
component developers. What you need to know to begin developing web components 
(servlets and JSPs), and what you need to pass the exam, overlap about 85%. We 
cover a few things not on the exam, but we point them out so you don't have to try to 
memorize them. We created the real exam, so we know where you should focus your 
energy! If there's a chance that this one picky detail might be on one question on the 
exam, but the effort to learn it isn't really worth it, we might skip it, or cover it only 
very lightly, or only in a mock exam question. 



[Diagram: a UML-like class box named Director with the methods getMovies, getOscars() and getKevinBaconDegrees()] 


The activities are NOT optional. 

The exercises and activities are not add-ons; they're part of the core content of the 
book. Some of them are there to help with memory, some for understanding, some to 
help you apply what you've learned. Don't sh 


The redundancy is intentional and important. 

One thing that's distinctly different in a Head First book is that we want you to really, 
really, really get it. And we want you to finish the book remembering what you've learned. Most 
information or reference books don't necessarily have retention and recall as a goal, but 
in this book you'll see some of the same concepts come up more than once. 


The code examples are as lean as possible 

Our readers tell us that it's frustrating to wade through 200 lines of code looking 
for the two lines they need to understand. Most examples in this book are shown 
within the smallest possible context, so that the part you're trying to learn is clear and 
simple. Don't expect the code to be robust, or even complete. That's your assignment 
for after you finish the book. The book examples are written specifically for training, 
and aren't always fully functional. Some of the code examples for the book are 
available at www.headfirstlabs.com. 
About the SCWCD (for Java EE 1.5) exam 

The updated SCWCD exam is called "Sun Certified Web Component Developer for the Java 
Platform, Enterprise Edition 5" but don't get confused by the title. The updated 
exam is still designed for Java EE v1.4 and for the servlet v2.4 and JSP v2.0 specifications. 

Do I first have to pass the SCJP? 

Yes. The Web Component Developer exam, the Business Component Developer exam, the 
Mobile Application Developer exam, the Web Services Developer exam, and the Developer exam 
all require you to be a Sun Certified Java Programmer. 

How many questions? 

You'll get 69 questions when you take the exam. Not everyone gets the same 69 questions; there 
are many different versions of the exam. But everyone gets the same degree of difficulty, and the 
same balance of topics. On the real exam, expect to see at least one question from each exam 
objective, and there are a few objectives where you'll get more than one question. 


How much time do I get to complete the exam? 

You get three hours (180 minutes). Most people don't find this to be a problem, because these 
questions don't lend themselves to long, complicated puzzles. Most questions are very short and 
are multiple-choice, and you either know the answer or you don't. 

What are the questions like? 

They are almost exactly like our mock exam questions, with one big difference: the real exam tells 
you how many answers are correct, where we do not. You will see a handful of drag-and-drop 
questions, however, that we can't do here. But drag-and-drop questions are just the interactive way 
of matching one thing to another. 


How many do I have to answer correctly? 


You must get 49 questions correct (70%) to pass the exam. When you finish answering all of the 
questions, hold your mouse cursor over the done button until you have the courage to click it. 
Because in, like, six nanoseconds, you'll know whether you passed (of course you will). 


Why don't the mock exams in the book tell you how many options to 
choose for the correct answer? 

We want our exams to be just a little more difficult than the real exam, to give you the most 
realistic picture of whether you're ready to take the exam. People tend to get higher scores on 
book mock exams because they retake the same test more than once, and we don't want you to get 
a false picture of your readiness to take the exam. Readers have reported that the score they get on 
the real exam is very close to the score they get on the mock final exam in this book. 
What do I get after I take the exam? 

Before you leave the testing center, be sure to get your exam report. It shows a summary of your score 
in each major area, and whether you passed or failed. Keep this! It's your initial proof that you've been 
certified. A few weeks after the test, you'll get a little package from Sun Educational Services that 
includes your real printed certificate, a congratulations letter from Sun, and a lovely lapel pin that says 
Sun Certified Web Component Developer in a font so incredibly small that you could pretty much 
claim to be certified in anything you like, and nobody could read it to tell the difference. It does not 
include the alcohol you'll be wanting after you pass the exam. 

How much does it cost, and how do I register? 

The exam costs U.S. $200. Which is why you need this book... to make sure you pass the first time. 

You register through Sun Educational Services, by giving them your credit card number. In exchange, 
you'll get a voucher number, which you'll use to schedule an appointment at a Prometric Testing Center 
nearest you. 

To get the details online and buy an exam voucher, start at: http://www.sun.com/training/certification/. 
If you're in the U.S., you're all set. If you're not in the U.S., you can select a 
country from the right menu bar. 


What's the exam software like? 

It's dead simple to use: you get a question, and you answer it. If you don't want to answer it, you can 
skip it and come back to it later. If you do answer it, but aren't sure, and you want to come back to it if 
you have more time, you can "mark" a question. Once you're done, you'll see a screen that shows all of 
the questions you haven't answered, or have marked, so that you can go back to them. 

At the very beginning of the exam you'll get a short tutorial on how to use the software, where you get 
a little practice test (not on Servlets). The time you spend in the tutorial does not count as time spent on 
the SCWCD exam. The clock doesn't start until you've finished the exam software tutorial and you're 
ready to begin. 

Where can I find a study group, and how long will it take to prepare? 

The best online discussion group for this exam just happens to be the one that the authors moderate! 
(Gosh, what are the odds?) Stop by javaranch.com and go to the Big Moose Saloon (that's where 
all the discussion forums are). You can't miss it. There will always be someone there to answer your 
questions, including us. JavaRanch is the friendliest Java community on the Internet, so you're welcome 
no matter what level you're at with Java. If you still need to take the SCJP, we'll help you with that one 
too. 

How long it takes you to get ready for the exam depends a lot on how much servlets and JSP 
experience you've had. If you're new to servlets and JSP, you might need anywhere from 6 to 12 weeks, 
depending on how much time you can devote to it each day. Those with a lot of recent servlets and JSP 
experience can often be ready in as little as three weeks. 
Other people to blame: 

At O'Reilly: 

Our biggest thanks to Mike Loukides at O'Reilly, for starting it all, and 
helping to shape the Head First concept into a series. We love having an editor 
who is a Real Java Guy. And a big thanks to the driving force behind Head First, 
Tim O'Reilly. Lucky for us, he's always thinking about the future, and enjoys 
being a disruptive influence. Thanks to the clever Head First "series mom" Kyle 
Hart for figuring out how Head First fits into the rest of the computer book 
world. 

Our intrepid reviewers: 

OK, so the book took a little longer than we'd planned. But without JavaRanch 
review manager Johannes de Jong, it would have been scarily late. You are our 
hero, Johannes. And our special thanks to Joe Konior, whose feedback on each 
chapter was pretty much the same size as the chapter. We deeply appreciate the 
relentless effort and expertise (and cheerfulness) of Philippe Macquet. All 
three of the authors love him so much we want to marry him... but that would 
be weird. And we're very grateful to Andrew Monkhouse for both technical 
feedback and help with the subtle English-to-Australian translations. Jef 
Camps, your MP3 rendition of the "setHeader" song was terrific (except for 
maybe being a bit emo), and your technical comments were really helpful. 

Dave Wood hammered us on everything, and was fond of pointing to early 
pages and saying, "That's not very Head Firsty." We also got some excellent 
feedback from JavaRanch moderators Jason Menard, Dirk "fish face" 
Schreckmann, Rob Ross, Ernest Friedman-Hill, and Thomas Paul. 

And as always, thanks especially to the javaranch.com Trail Boss, Paul Wheaton. 

Special thanks to the following tech reviewers for the second edition: Bear 
Bibeault, Theodore Gasser, Ulf Dittmer, Preetish Madalia, Sergio 
Ramirez, Oliver Roell, Neeraj Singhal, and Collins Tchoumba. 


Mock Exam Questions 

If you find yourself banging your head over a particularly twisty or turn-y 
JSP mock question, don't blame us, blame Marc Peabody! Thanks Marc for 
helping us keep all the SCWCD candidates on their toes. Marc spends copious 
amounts of his free time moderating at JavaRanch, where he has been known 
to incite ranchers to construct horrible mashups out of innocent Java EE 
technologies. 
Even more people* 

From Bryan Basham 

I could start by thanking my Mom, but that's been done before... My knowledge of Java 
web development is founded in a few medium-scale applications that I have written, but 
that foundation was honed and refined by years of debate on a Java instructor email 
alias internal to Sun. In particular, I would like to thank Steve Stelting, Victor Peters, 
Lisa Morris, Jean Tordella, Michael Judd, Evan Troyka, and Keith Ratliff. There were 
many people that carved my knowledge, but these six have been the knives that have cut 
me the deepest. 

As with all book projects, the last three months were pretty difficult. I want to thank my 
fiancée, Kathy Collina, for being patient with me. I want to thank Karma and Kiwi (our 
cats) for the late night sessions of lap-sitting and keyboard bouncing. 

Lastly, and most importantly, I must thank Kathy and Bert for even suggesting that 
we take on this project. Kathy Sierra is truly unique in the world. Her knowledge of 
metacognition and instructional design is matched only by her creative juice that pours 
out of her Head First books. I have worked in education for five years now and I have 
learned nearly everything I know from Kathy... Oh, don't worry about my Mom; she 
will get a big dedication in my next Head First book. I love you, Mom! 

From Kathy and Bert 

That was so mushy Bryan, geez. (Not that Kathy doesn't appreciate the sucking up.) We 
agree about your fiancée, though. But it's not like she missed you, out playing Ultimate all 
summer long while we were working like dogs at our Powerbooks. But you really made 
this a rewarding experience Bryan, and you're the best† co-author we've ever had! It's 
almost frightening how calm and happy you are all the time. 

We all appreciate the hard-working Sun exam certification team, especially Java cert 
manager Evelyn Cartagena, and we thank all the folks who helped develop the JSRs for 
the Servlet and JSP specs. 


*The large number of acknowledgments is because we're testing the theory 
that everyone mentioned in a book acknowledgment will buy at least one copy, 
probably more, what with relatives and everything. If you'd like to be in the 
acknowledgments of our next book, and you have a large family, write to us. 

†Point of clarification: Bryan is the only co-author we've ever had, but that in no 
way diminishes the intent. 
1 intro and overview 


Why use Servlets & JSPs? 


"Hah! I know CGI. My website will rule the world." 

"You fool! You must use Servlets and JSPs. If you continue to write 
Perl scripts, I will destroy you." 


Web applications are hot. Sure, GUI applications might use exotic 
Swing widgets, but how many GUI apps do you know that are used by millions 
of users worldwide? As a web app developer, you can free yourself from the 
grip of deployment problems all standalone apps have, and deliver your app to 
anyone with a browser. But to build a truly powerful web app, you need Java. 
You need servlets. You need JSPs. Because plain old static HTML pages are so, 
well, 1999. Today's users expect sites that are dynamic, interactive, and custom- 
tailored. Within these pages you'll learn to move from web site to web app. 





official Sun exam objectives 


OBJECTIVES 


Servlets & JSP overview 


1.1 For each of the HTTP Methods (such as GET, 
POST, HEAD, and so on): 

* Describe benefits of the HTTP Method 

* Describe functionality of the HTTP Method 

* List triggers that might cause a Client 
(usually a Web browser) to use the method 

Also part of Objective 1.1, but not covered 
in this chapter: 

* Identify the HttpServlet method that 
corresponds to the HTTP Method 


Coverage Notes: 

The objectives in this section are covered 
completely in another chapter, so think of 
this chapter as a first-look foundation for 
what comes later. In other words, don't worry 
about finishing this chapter knowing (and 
remembering) anything specific from these 
objectives; just use it for background. If you 
already know these topics, you can just skim 
this chapter and jump to chapter 2. 

You won't have any mock exam questions on 
these topics until you get to the more specific 
chapter where those topics are covered. 
intro architecture 


Everybody wants a web site 

You have a killer idea for a web site. To destroy the competition, you 
need a flexible, scalable architecture. You need servlets and JSPs. 

Before we start building, let's take a look at the World Wide Web 
from about 40k feet. What we care most about in this chapter is 
how web clients and web servers talk to one another. 

These next several pages are probably all review for you, especially if 
you're already a web application developer, but it'll give us a chance 
to expose some of the terminology we use throughout the book. 


[Figure: the earth. The web consists of clients (using browsers) and servers 
(using web server apps like Apache) connected through wires and wireless 
networks. Our goal is to build a web application that clients around the 
globe can access. And to become obscenely rich.] 
web server 


What does your web server do? 

A web server takes a client request and gives 
something back to the client. 

A web browser lets a user request a resource. The web server gets the 
request, finds the resource, and returns something to the user. 
Sometimes that resource is an HTML page. Sometimes it's a picture. Or 
a sound file. Or even a PDF document. Doesn't matter: the client asks 
for the thing (resource) and the server sends it back. 

Unless the thing isn't there. Or at least it's not where the server is 
expecting it to be. You're of course quite familiar with the "404 Not 
Found" error, the response you get when the server can't find what it 
thinks you asked for. 

When we say "server", we mean either the physical machine (hardware) 
or the web server application (software). Throughout the book, if 
the difference between server hardware and software matters, we'll 
explicitly say which one (hardware or software) we're talking about. 


[Figure: a client sends a request to a server, and the server sends a response 
back. The client's request contains the name and address (the URL) of the 
thing the client is looking for.] 
What does a web client do? 

A web client lets the user request something on the 
server, and shows the user the result of the request. 

When we talk about clients, though, we usually mean both (or either) the 
human user and the browser application. 

The browser is the piece of software (like Netscape or Mozilla) that 
knows how to communicate with the server. The browser's other big job 
is interpreting the HTML code and rendering the web page for the user. 

So from now on, when we use the term client, we usually won't care 
whether we're talking about the human user or the browser app. In 
other words, the client is the browser app doing what the user asked it to do. 


[Figure: the round trip between User, Browser and Server] 

User clicks a link. 

Browser formats the request and sends it to the server. 

Server finds the ... 

... to the client (browser). 

Browser gets the HTML and renders it into a display for the user. 
HTML and HTTP 


Clients and servers 
know HTML and HTTP 


HTML 


When a server answers a request, 
the server usually sends some type 
of content to the browser so that the 
browser can display it. Servers often 
send the browser a set of instructions 
written in HTML, the HyperText 
Markup Language. The HTML 
tells the browser how to present the 
content to the user. 

All web browsers know what to do 
with HTML, although sometimes an 
older browser might not understand 
parts of a page that was written using 
newer versions of HTML. 


HTTP 


Most of the conversations held on the 
web between clients and servers are 
held using the HTTP protocol, which 
allows for simple request and response 
conversations. The client sends an 
HTTP request, and the server answers 
with an HTTP response. Bottom line: 
if you're a web server, you speak HTTP. 

When a web server sends an HTML 
page to the client, it sends it using 
HTTP. You'll see the details on how 
all this works in the next few pages. 

(FYI: HTTP stands for HyperText 
Transfer Protocol.) 



HTML tells the browser 
how to display the content 
to the user. 

HTTP is the protocol 
clients and servers use on 
the web to communicate. 

The server uses HTTP to 
send HTML to the client. 
Two-minute HTML guide 

When you develop a web page, you use HTML to describe what the 
page should look like and how it should behave. 

HTML has dozens of tags and hundreds of tag attributes. The goal 
of HTML is to take a text document and add tags that tell the browser 
how to format the text. Below are the tags we use in the next several 
chapters. If you need a more complete understanding of HTML, we 
recommend the book HTML & XHTML: The Definitive Guide (O'Reilly). 


Tag             Description 

<!-- -->        where you put your comments 
<a>             anchor - usually for putting in a hyperlink 
<align>         align the contents left, right, centered, or justified 
<body>          define the boundaries of the document's body 
<br>            a line break 
<center>        center the contents 
<form>          define a form (which usually provides input fields) 
<h1>            the first level heading 
<head>          define the boundaries of the document's header 
<html>          define the boundaries of the HTML document 
<input type>    defines an input widget to a form 
<p>             a new paragraph 
<title>         the HTML document's title 
writing HTML 


What you write... 

(the HTML) 

Imagine you're creating a login page. The simple HTML 
might look something like this: 


<html> 
  <!-- Some sample HTML --> 
  <head> 
    <title>A Login Page</title> 
  </head> 
  <body> 
    <h1 align="center">Skyler's Login Page</h1> 
    <p align="right"> 
      <img src="SKYLER2.jpg" width="130" height="150"/> 
    </p> 
    <form action="date2"> 
      Name: <input type="text" name="param1"/><br/> 
      Password: <input type="text" name="param2"/><br/><br/><br/> 
      <center> 
        <input type="SUBMIT"/> 
      </center> 
    </form> 
  </body> 
</html> 


We'll talk more about forms later, but briefly, the browser can collect 
the user's input and return it to the server. 

The <br> tags cause line breaks. 

Tip: You need only the most basic HTML 
knowledge. 

HTML pops up all over the exam. But you're 
not being tested on your HTML knowledge. You'll see 
HTML in the context of a large chunk of questions, 
though, so you need at least some idea of what's 
happening when you see simple HTML. 
What the browser creates... 

The browser reads through the HTML code, creates the 
web page, and renders it to the user's display. 


[Screenshot: a browser window titled "A Login Page" at 
http://www.wickedlysmart.com/skylogin.html, showing the heading 
"Skyler's Login Page", the Name and Password fields, and a Submit button.] 
HTTP protocol 


What is the HTTP protocol? 

HTTP runs on top of TCP/IP. If you're not familiar with 
those networking protocols, here's the crash course: TCP 
is responsible for making sure that a file sent from one 
network node to another ends up as a complete file at the 
destination, even though the file is split into chunks when 
it's sent. IP is the underlying protocol that moves/routes 
the chunks (packets) from one host to another on their 
way to the destination. HTTP, then, is another network 
protocol that has Web-specific features, but it depends 
on TCP/IP to get the complete request and response 
from one place to another. The structure of an HTTP 
conversation is a simple Request/Response sequence: a 
browser requests, and a server responds. 


[Figure: a web browser (client) sends an HTTP request to a server, and the 
server sends back an HTTP response.] 

Key elements of the 
response stream: 

► A status code (for whether 
the request was successful) 

► Content-type (text, picture, 
HTML, etc.) 

► The content (the actual 
HTML, image, etc.) 


You don't have to memorize the HTTP spec. 


The HTTP protocol is an IETF standard, RFC 2616. If you care. 
(Fortunately, the exam doesn't expect you to.) Apache is an example of 
a Web server that processes HTTP requests. Mozilla is an example of 
a Web browser that provides the user with the means to make HTTP 
requests and to view the documents returned by the server. 
HTML is part of the HTTP response 

An HTTP response can contain HTML. HTTP adds header 
information to the top of whatever content is in the response (in 
other words, the thing coming back from the server). An HTML 
browser uses that header info to help process the HTML page. Think 
of the HTML content as data pasted inside an HTTP response. 


[Figure: a web browser (client) sends an HTTP request to a server. The HTTP 
response that comes back has an HTTP header (the HTTP header info) followed by 
an HTTP body that holds the HTML page. The browser renders the HTML code and 
displays the page.] 

When the browser gets to an image tag, it generates another 
HTTP request to go get the resource described. In this case, 
the browser will make a second HTTP request to get the picture 
referenced in the <img> tag. 
HTTP methods 


If that's the response, what's in the request? 

The first thing you'll find is an HTTP method name. These aren't Java 
methods, but the idea is similar. The method name tells the server the 
kind of request that's being made, and how the rest of the message will be 
formatted. The HTTP protocol has several methods, but the ones you'll use 
most often are GET and POST. 


GET 

Browser sends an HTTP GET 
to the server, asking the 
server to GET the page. 


POST 

User types in a ... 

Browser sends an HTTP POST 
to the server, giving the 
server what the user typed. 
GET is a simple request, and 
POST can send user data 


GET is the simplest HTTP method, and its 
main job in life is to ask the server to get a 
resource and send it back. That resource might 
be an HTML page, a JPEG, a PDF, etc. Doesn't 
matter. The point of GET is to get something 
back from the server. 

POST is a more powerful request. It's like a 
GET plus plus. With POST, you can request 
something and at the same time send form data 
to the server (later in this chapter we'll see what 
the server might do with that data). 


Dumb Questions 


Q: 

So what about the other HTTP methods 
besides GET and POST? 


A: 

Those are the two big ones that everybody 
uses. But there are a few rarely used methods (and 
Servlets can handle them) including HEAD, TRACE, 
PUT, DELETE, OPTIONS, and CONNECT. 

You really don't need to know much about these 
others for the exam, although you might see 
them appear in a question. The Life and Death 
of a Servlet chapter covers the rest of the HTTP 
method details you'll need. 
HTTP GET 


It's true... you can send a little data with HTTP GET 

But you might not want to. Reasons you might use POST instead of GET include: 

(1) The total amount of characters in a GET is really limited (depending 
on the server). If the user types, say, a long passage into a "search" 
input box, the GET might not work. 

(2) The data you send with the GET is appended to the URL up in 
the browser bar, so whatever you send is exposed. Better not put a 
password or some other sensitive data as part of a GET! 


(3) Because of number two above, the user can't 
bookmark a form submission if you use POST 
instead of GET. Depending on your app, you may 
or may not want users to be able to bookmark the 
resulting request from a form submission. 

[Screenshot: a JavaRanch Big Moose Saloon forum thread, "Books for the 
SCWCD 1.4", with a callout on the browser's address bar: "The original URL 
before the extra parameters."] 
Anatomy of an HTTP GET request 

The path to the resource, and any parameters added to the 
URL are all included on 


    GET /select/selectBeerTaste.jsp?color=dark&taste=malty HTTP/1.1 
    Host: www.wickedlysmart.com 
    User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 
    Accept-Language: en-us,en;q=0.5 
    Accept-Encoding: gzip,deflate 
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
    Keep-Alive: 300 
    Connection: keep-alive 


Client: "Hey server... GET me the page 
on this host that's at /select/ 
selectBeerTaste.jsp and, oh yeah, 
here are the parameters for you: 
color = dark & taste = malty. And 
hurry it up." 


Server: "Sure, I'll go GET 
that page and thanks for 
the parameters. And just FYI, 
"hurry it up" is not part of 
the HTTP protocol." 
Anatomy of an HTTP POST request

HTTP POST requests are designed to be used by the browser to
make complex requests on the server. For instance, if a user has just
completed a long form, the application might want all of the form's
data to be added to a database. The data to be sent back to the server
is known as the "message body" or "payload" and can be quite large.

POST /advisor/selectBeerTaste.do HTTP/1.1
Host: www.wickedlysmart.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

color=dark&taste=malty

[Callouts: the HTTP method comes first, then the headers; the parameters are
down here, after the headers.]

Client: Hey server... please POST this to the resource at: /advisor/
selectBeerTaste.do. Don't forget to look inside the body for the
important data I'm sending.

Server: Sure, I'll find that resource (it's actually a little application)
and when I do, I'll give it the data in the request body you sent.
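
The two request anatomies above, as an added example that is not from the book: a plain-Java parser that splits a raw request into method, path, headers and form parameters, and shows that the GET parameters travel in the request line (the part common access-log formats record) while the POST parameters travel in the body. The class and method names, and the Content-Type and Content-Length headers on the constructed POST, are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (not from the book): where GET and POST carry their parameters.
public class RequestAnatomy {

    // Parsed view of one request.
    static final class Parsed {
        String method, path, version, paramSource;
        Map<String, String> headers = new LinkedHashMap<>();
        Map<String, String> params = new LinkedHashMap<>();
    }

    static Parsed parse(String raw) throws UnsupportedEncodingException {
        // Headers end at the first blank line; whatever follows is the message body.
        String[] headAndBody = raw.split("\r\n\r\n", 2);
        String[] lines = headAndBody[0].split("\r\n");
        String body = headAndBody.length > 1 ? headAndBody[1] : "";

        // Request line: METHOD SP request-target SP HTTP-version
        String[] requestLine = lines[0].split(" ");
        if (requestLine.length != 3) {
            throw new IllegalArgumentException("malformed request line: " + lines[0]);
        }
        Parsed p = new Parsed();
        p.method = requestLine[0];
        p.version = requestLine[2];

        // Everything after '?' in the request target is the query string.
        String target = requestLine[1];
        int q = target.indexOf('?');
        p.path = q < 0 ? target : target.substring(0, q);
        String query = q < 0 ? "" : target.substring(q + 1);

        // Header names are case-insensitive, so store them lower-cased.
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0) {
                p.headers.put(lines[i].substring(0, colon).trim().toLowerCase(),
                              lines[i].substring(colon + 1).trim());
            }
        }

        String type = p.headers.getOrDefault("content-type", "");
        if ("POST".equals(p.method) && type.startsWith("application/x-www-form-urlencoded")) {
            p.paramSource = "message body";
            addParams(body, p.params);
        } else {
            p.paramSource = "request line";
            addParams(query, p.params);
        }
        return p;
    }

    // Decodes name=value pairs separated by '&'.
    private static void addParams(String encoded, Map<String, String> out)
            throws UnsupportedEncodingException {
        if (encoded.isEmpty()) {
            return;
        }
        for (String pair : encoded.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            out.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
    }

    // Common access-log formats record the request line; they do not record the body.
    static String accessLogLine(String raw) {
        int end = raw.indexOf("\r\n");
        return end < 0 ? raw : raw.substring(0, end);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample requests, shortened from the two shown on this page.
        String get = "GET /select/selectBeerTaste.jsp?color=dark&taste=malty HTTP/1.1\r\n"
                   + "Host: www.wickedlysmart.com\r\n\r\n";
        String post = "POST /advisor/selectBeerTaste.do HTTP/1.1\r\n"
                    + "Host: www.wickedlysmart.com\r\n"
                    + "Content-Type: application/x-www-form-urlencoded\r\n" // assumed header
                    + "Content-Length: 22\r\n\r\n"                          // assumed header
                    + "color=dark&taste=malty";
        for (String raw : new String[] { get, post }) {
            Parsed p = parse(raw);
            System.out.println(p.method + " " + p.path + " params=" + p.params
                    + " (from the " + p.paramSource + ")");
            System.out.println("  would be logged as: " + accessLogLine(raw));
        }
    }
}
```

Both requests yield the same two parameters, but only the GET exposes them in the logged line, which is worth remembering when a form carries a password.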
Anatomy of an HTTP response, and
what the heck is a "MIME type"?

Now that we've seen the requests from the browser to the server, let's
look at what the server sends back in response. An HTTP response
has both a header and a body. The header info tells the browser about
the protocol being used, whether the request was successful, and
what kind of content is included in the body. The body contains the
contents (for example, HTML) for the browser to display.

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=0AAB6C8DE415E2E5F307CF334BFCA0C1; Path=/testEL
Content-Type: text/html
Content-Length: 397
Date: Wed, 19 Nov 2003 03:25:40 GMT
Server: Apache-Coyote/1.1
Connection: close

[Callouts: the first line carries the HTTP protocol version and the status
code; the lines after it are the HTTP response headers.]

The Content-Type response header's value is known as a MIME type. The
MIME type tells the browser what kind of data the browser is about to
receive so that the browser knows how to render it.

Notice that the MIME type value relates to the values listed in the
HTTP request's "Accept" header. (Go look at the Accept header from
the previous page's POST request.)
All the pieces.
On one page.

The browser creates an HTTP GET request:

GET /testEL/Beer1.html HTTP/1.1
Host: www.wickedlysmart.com
User-Agent: Mozilla/5.0 (Macintosh

The server finds Beer1.html and generates an HTTP response:

HTTP/1.1 200 OK
Set-Cookie

<html><body>
<h1 align=center>Beer Login Page</h1>
<form>
Select a beer type or buy beer
making supplies?<p>
<input type=radio name=select
value=Select> Select a beer<br>
<input type=radio name=select
value=Buy> Buy supplies<br><br>
<center>
<input type=SUBMIT>
</center>
</form>
</body></html>

The browser renders the HTML:

[Figure: the rendered "Beer Login Page" with two radio buttons, "Select a
beer" and "Buy supplies".]
GET or POST?

For each description, circle either POST or GET
depending on which HTTP method you'd choose
for implementing that functionality. If you think it
could be either, circle both. But be prepared to
defend your answers...

POST GET   A user is returning a login name and password.
POST GET   A user is requesting a new page via a hyperlink.
POST GET   A chat room user is sending a written response.
POST GET   A user hits the "next" button to see the next page.
POST GET   A user hits the "log out" button on a secure banking site.
POST GET   A user hits the "back" button on the browser.
POST GET   A user sends a name and address form to the server.
POST GET   A user makes a radio button selection.
URL. Whatever you do, don't pronounce it "Earl".

When you get to the U's in the acronym dictionary there's a traffic jam... URI,
URL, URN, where does it end? For now, we're going to focus on the URLs, or
Uniform Resource Locators, that you know and love. Every resource on the web
has its own unique address, in the URL format.

http://www.wickedlysmart.com:80/beeradvice/select/beer1.html

Protocol: Tells the server which communications protocol (in this case
HTTP) will be used.

Server: The unique name of the physical server you're looking for. This
name maps to a unique IP address. IP addresses are numeric and take the
form "xxx.yyy.zzz.aaa". You can specify an IP address here instead of a
server name, but a server name is a lot easier to remember.

Path: The path to the location, on the server, of the resource being
requested. Because most of the early servers on the web ran Unix, Unix
syntax is still used to describe the directory hierarchies on the web
server.

Resource: The content being requested. This could be an HTML page, a
servlet, an image, PDF, music, video, or anything else the server feels
like serving. If this optional part of the URL is left out, most web
servers will look for index.html by default.

Not shown: the optional query string appended to the end of the URL, with
each parameter separated by an ampersand.
A TCP port is just a number

A 16-bit number that identifies a
specific software program on the
server hardware.

Your internet web (HTTP) server software runs on port
80. That's a standard. If you've got a Telnet server, it's
running on port 23. FTP? 21. POP3 mail server? 110.
SMTP? 25. The Time server sits at 37. Think of ports as
unique identifiers. A port represents a logical connection
to a particular piece of software running on the server
hardware. That's it. You can't spin your hardware box
around and find a TCP port. For one thing, you have
65536 of them on a server (0 to 65535). For another,
they do not represent a place to plug in physical devices.
They're just numbers representing a server application.

Without port numbers, the server would have no way of
knowing which application a client wanted to connect to.
And since each application might have its own unique
protocol, think of the trouble you'd have without these
identifiers. What if your web browser, for example, landed
at the POP3 mail server instead of the HTTP server? The
mail server won't know how to parse an HTTP request!
And even if it did, the POP3 server doesn't know anything
about serving back an HTML page.

If you're writing services (server programs) to run on a
company network, you should check with the sys-admins
to find out which ports are already taken. Your sys-admins
might tell you, for example, that you can't use any port
number below, say, 3000.

[Figure: Well-known TCP port numbers for common server applications.]

Using one server app per port, a server
can have up to 65536 different server
apps running.

The TCP port numbers
from 0 to 1023 are
reserved for well-known
services (including the
Big One we care about,
port 80). Don't use these
ports for your own
custom server programs!
Directory structure for a simple Apache web site

We'll talk more about Apache and Tomcat later, but for now let's assume that our simple
web site is using Apache (the extremely popular, open source web server you're probably
already using). What would the directory structure look like for a web site called
www.wickedlysmart.com, hosting two applications, one giving skiing advice, and the other
beer-related advice? Imagine that the Apache application is running on port 80.

The .html pages are each marked with a letter (A, B, C, D) for the exercise on the
opposite page.

[Figure: directory tree under "Apache home", with these callouts:]

"index.html" is the default page that will be returned to a user who keys
"www.wickedlysmart.com/" into his browser.

An Apache server will assume that "htdocs" is the directory that is the
root for all of the server's web applications.

skiingAdvice and beerAdvice: the two applications on this server. Each has
its own index.html, the default page for that application.

select: one of the folders for the beerAdvice app's two actions.

selectBeer.html: an HTML page that gives the user some
Sharpen your pencil

Mapping URLs to content

Look at the directory structure on the opposite page, then write in
a URL that would get you to each of the four .html pages marked
with the A, B, C, and D. We did the first one (A) for you, because
that's the kind of people we are. For the exercise, assume Apache is
running on port 80. (The answers are at the bottom of the next page.)

[URL] will cause the server to return to you the index.html page at location

[URL] will cause the server to return to you the index.html page at location

[URL] will cause the server to return to you the selectBeer.html page at location
Web servers love serving
static web pages

A static page just sits there in a
directory. The server finds it and
hands it back to the client as is.
Every client sees the same thing.

But what if I want, say, the
current time to show up on
my page? What if I want a page
that has something dynamic?
Can't I have something like a
variable inside my HTML?

<html>
<body>
The current time is [insertTimeOnServer].
</body>
</html>

Answers from previous page:
B - www.wickedlysmart.com/skiingAdvice/
C - www.wickedlysmart.com/beerAdvice/
D - www.wickedlysmart.com/beerAdvice/select/selectBeer.html
But sometimes you need more
than just the web server

Web server: I'm a web server application. I SERVE things. I
don't do computation on the things I serve. But... I know a real nice
program on the same machine that CAN help you out.

Another application on the server: I can handle that date thing for you.

Web server: That's not a problem. I'll take care of getting the
request to the right helper app, then I'll take that app's response and send
it back to the client. In fact, the client never needs to know that
someone else did some of the work.
Two things the web server alone won't do

If you need just-in-time pages (dynamically-created pages that don't
exist before the request) and the ability to write/save data on the
server (which means writing to a file or database), you can't rely on
the web server alone.

1 Dynamic content

The web server application serves only static pages, but a separate
"helper" application that the web server can communicate with
can build non-static, just-in-time pages. A dynamic page could
be anything from a catalog to a weblog or even just a page that
randomly chooses pictures to display.

When instead of this:

<html>
<body>
The current time is
always 4:20 PM
on the server
</body>
</html>

You want this:

<html>
<body>
The current time is
[insertTimeOnServer]
on the server
</body>
</html>

Just-in-time pages don't exist
before the request comes in.
It's like making an HTML
page out of thin air.

The request comes in, the
helper app "writes" the
HTML, and the web server
gets it back to the client.

2 Saving data on the server

When the user submits data in a form, the web server sees the form
data and thinks, "So? Like I care?" To process that form data,
either to save it to a file or database or even just to use it to generate
the response page, you need another app. When the web server sees
a request for a helper app, the web server assumes that parameters
are meant for that app. So the web server hands over the parameters,
and gives the app a way to generate a response to the client.
The non-Java term for a web server
helper app is "CGI" program

Most CGI programs are written as Perl scripts, but many
other languages can work including C, Python, and PHP.
(CGI stands for Common Gateway Interface, and we don't
care why it's called that.)

Using CGI, here's how it might work for a dynamic web page
that has the current server date.

1 User clicks a link that has a URL
to a CGI program instead of a
static page.

2 Web server application "sees" that
the request is for a helper program,
so the web server launches and
runs the program. The web server
app sends along any parameters
from a GET or POST.

3 The helper app constructs the
brand new page (that has the
current date inserted) and sends
the HTML back to the server.

As far as the web server is
concerned, the HTML from the
helper app is a static page.

4 The helper application is shut
down, and the client gets back an
HTML page that has the current
date as part of its now-static
content.
Servlets and CGI both play the role of a
helper app in the web server

CGI: CGI is better than Servlets. We write CGI scripts in
Perl at our shop, because everybody knows Perl.

Servlets: I doubt everybody knows Perl. I like Perl, but we're all
Java programmers in our shop so we prefer Java.

CGI: I guess that's fine if you use Java, since you know it.
But it's certainly not worth it for us to switch to Java.
There's no advantage.

Servlets: With much respect, master, there are many
advantages to using Java over Perl for the things you
want to do with CGI.

CGI: You challenge me? On what grounds?

Servlets: Performance, for one thing. With Perl, the server has
to launch a heavy-weight process for each and every
request for that resource!

CGI: This is no different from Java... what do you
call the JVM? Is not every instance of the JVM a
heavy-weight process?

Servlets: Ah, yes, but you see Servlets stay loaded and client
requests for a Servlet resource are handled as separate
threads of a single running Servlet. There's no
overhead of starting the JVM, loading the class, and
all that...

CGI: I see you have forgotten much. Web servers now are
able to keep a single Perl program running between
client requests. So the additional overhead argument
is worthless.

Servlets: I have not forgotten, master. But it is not all web
servers that can do that. You are talking about a
special case which does not apply to all Perl CGI
programs. But Servlets will always be more efficient in
that way. And let's not forget that a Servlet can be a
J2EE client, while a Perl CGI program cannot.

CGI: What are you talking about? Any CORBA-compliant
thing can be a J2EE client.

Servlets: I do not mean a client to a J2EE program, I mean a
client that is J2EE. A Servlet running in a J2EE web
container can participate in security and transactions
right along with enterprise beans and there are

CGI: Stop. I'm late for my Pilates class. But this is not
over. We'll have to finish it later.

to be continued...


Fill in the boxes with
a description of what
happens during that step
in the process. This is a
duplicate of page 18, so
when you're finished,
flip back to that page to
compare your answers.

[Figure: the request and response diagram for the Beer Login Page, with the
description boxes left blank.]
Servlets Demystified (write, deploy, run)

Just so those new to servlets can stop holding their breath, here's a quick
guide to writing, deploying, and running a servlet. This might create more
questions than it answers; don't panic, you don't have to do this right
now. It's just a quick demonstration for those who can't wait. The next
chapter includes a more thorough tutorial.

1 Build this directory tree (somewhere not under tomcat).

[Figure: a project1 directory holding src (Ch1Servlet.java), etc (web.xml)
and classes.]

2 Write a servlet named Ch1Servlet.java and put it in the src directory (to
keep this example simple, we aren't putting the servlet in a package, but
after this, all other servlet examples in the book will be in packages).

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

// Standard servlet declarations: extend HttpServlet and override doGet().
public class Ch1Servlet extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
                      throws IOException {

        // The Container supplies the response; write the page to its writer.
        PrintWriter out = response.getWriter();
        java.util.Date today = new java.util.Date();
        out.println("<html> " +
                    "<body>" +
                    "<h1 align=center>HF\'s Chapter1 Servlet</h1>"
                    + "<br>" + today + "</body>" + "</html>");
    }
}

3 Create a deployment descriptor (DD) named web.xml, put it
in the etc directory.

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

    <servlet>
        <servlet-name>Chapter1 Servlet</servlet-name>
        <servlet-class>Ch1Servlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>Chapter1 Servlet</servlet-name>
        <url-pattern>/Serv1</url-pattern>
    </servlet-mapping>

</web-app>

One DD per web application.
A DD can declare many servlets.
A <servlet-name> ties the <servlet> element to the <servlet-mapping> element.
A <url-pattern> is the name the client uses for the request.
4 Build this directory tree under the existing tomcat directory.

5 From the project1 directory, compile the servlet...

%javac -classpath <path to the servlet API jar under your tomcat directory> -d classes src/Ch1Servlet.java

(This is all one command.)

(the Ch1Servlet.class file will end up in project1/classes)

6 Copy the Ch1Servlet.class file to WEB-INF/classes, and copy
the web.xml file to WEB-INF.

7 From the tomcat directory, start Tomcat.

%bin/startup.sh

8 Launch your browser and type in:

http://localhost:8080/ch1/Serv1

It should display:

HF's Chapter1 Servlet
Tue April 10 16:20:01 MST 2…

9 For now, every time you update either a servlet class or the
deployment descriptor, shut down Tomcat.

%bin/shutdown.sh
out.println("<html> " +
            "<body>" +
            "<h1>Skyler\'s Login Page</h1>" +
            "<br>" + today +
            "</body>" +
            "</html>");

Actually, trying to format HTML inside a
servlet's out.println() pretty much sucks.

This is one of the worst parts (no, the worst
part) of servlets. Stuffing properly formatted
HTML tags into the println(), just so that you
can insert variables and method calls, is just
brutal. Don't even think about doing anything
the least bit sophisticated.

Dumb Questions

Q: It can't be that bad... why can't I just copy a
whole page of HTML from my web page editor, like
Dreamweaver, and paste it into the println()? It's

A: Obviously, you haven't tried this yet. It sounds
good. Yes, I'll just make my page in a decent web
page editor (or even a simple text file would be
easier than in my Java code) and then a quick copy
and paste into the println() and voila!

Except you get about 1,378 compiler errors.

Remember, you can't have a carriage return (a real
one) inside a String literal. And while we're talking
about Strings... what about all your HTML that has
double-quote marks in it?
She doesn't know about JSP

<html>
<body>
<h1>Skyler's Login Page</h1>
<br>
<%= new java.util.Date() %>
</body>
</html>

skylerlogin.jsp

A JSP page looks just like an HTML page, except you
can put Java and Java-related things inside the page.

So it really is like inserting a variable into your HTML.
JSP is what happened when somebody
introduced Java to HTML

Putting Java into HTML is a solution for two issues:

1 Not all HTML page designers
know Java

App developers know Java. Web page designers know
HTML. With JSP, Java developers can do Java, and HTML
developers can do web pages.

2 Formatting HTML into a String
literal is REALLY ugly

Putting even marginally complex HTML into the argument to
a println() is a compiler error waiting to happen. You might
have to do a ton of work to get the HTML formatted properly
in a way that still works in the client's browser, yet satisfies
Java rules for what's allowed in a String literal. You can't have
carriage returns, for example, yet most of the HTML you'll
pull from a web page editor will have real carriage returns in
the source. Quotes can be a problem too; a lot of HTML
tags use quotes around attribute values, for example. And you
know what happens when the compiler sees a double quote... it
thinks, "This must be the end of the String literal." Sure, you
can go back and replace each of your double quotes with escape
codes... but it all gets insanely error prone.

Q: Wait... there's still something wrong here! Benefit number
one says "Not all page designers know Java..." but the HTML page
designer still has to write Java inside the JSP page!! JSP lets the Java
programmer off the hook for writing HTML, but it doesn't really help
the HTML designer. It might be easier to write HTML in a JSP rather
than in a println(), but the HTML developer still has to know Java.

A: Looks that way, doesn't it? But with the new JSP spec, and by
following best practices, the page designer should be putting very
little (or no) real Java into a JSP. They do have to learn something... but
it's more like putting in labels that call real Java methods rather than
embedding the actual Java code into the page itself. They have to learn
JSP syntax, but not the Java language.
- BULLET POINTS -

■ HTTP stands for Hypertext Transfer Protocol, and is the network protocol used on
the Web. It runs on top of TCP/IP.

■ HTTP uses a request/response model—the client makes an HTTP request, and the
web server gives back an HTTP response that the browser then figures out how to
handle (depending on the content type of the response).

■ If the response from the server is an HTML page, the HTML is added to the HTTP
response.

■ An HTTP request includes the request URL (the resource the client is trying to
access), the HTTP method (GET, POST, etc.), and (optionally) form parameter data
(also called the "query string").

■ An HTTP response includes a status code, the content-type (also known as MIME
type), and the actual content of the response (HTML, image, etc.).

■ A GET request appends form data to the end of the URL.

■ A POST request includes form data in the body of the request.

■ A MIME type tells the browser what kind of data the browser is about to receive so
that the browser will know what to do with it (render the HTML, display the graphic,
play the music, etc.).

■ URL stands for Uniform Resource Locator. Every resource on the web has its own
unique address in this format. It starts with a protocol, followed by the server name,
an optional port number, and usually a specific path and resource name. It can also
include an optional query string, if the URL is for a GET request.

■ Web servers are good at serving static HTML pages, but if you need dynamically
generated data in the page (the current time, for example), you need some kind of
helper app that can work with the server. The non-Java term for these helper apps
(most often written in Perl) is CGI (which stands for Common Gateway Interface).

■ Putting HTML inside a println() statement is ugly and error-prone, but JSPs solve
that problem by letting you put Java into an HTML page rather than putting HTML
into Java code.


2 high-level overview

Web App Architecture

Servlets need help. When a request comes in, somebody has to
instantiate the servlet or at least make a new thread to handle the request.
Somebody has to call the servlet's doPost() or doGet() method. And, oh yes,
those methods have crucial arguments—the HTTP request and HTTP response
objects. Somebody has to get the request and the response to the servlet.
Somebody has to manage the life, death, and resources of the servlet. That
somebody is the web Container. In this chapter, we'll look at how your web
application runs in the Container, and we'll take a first look at the structure of a
web app using the Model View Controller (MVC) design pattern.
Objectives

High-level Web App Architecture

1.1 For each of the HTTP Methods (such as GET,
POST, HEAD, and so on), describe the purpose of
the method and the technical characteristics of the
HTTP Method protocol, list triggers that might cause
a client (usually a Web browser) to use the Method,
and identify the HttpServlet method that corresponds
to the HTTP Method.

1.4 Describe the purpose and event sequence of the
servlet life cycle: (1) servlet class loading, (2) servlet
instantiation, (3) call the init method, (4) call the
service method, and (5) call the destroy method.

2.1 Construct the file and directory structure of a Web
Application that may contain (a) static content, (b)
JSP pages, (c) servlet classes, (d) the deployment
descriptor, (e) tag libraries, (f) JAR files, and (g) Java
class files; and describe how to protect resource files
from HTTP access.

2.2 Describe the purpose and semantics for each of
the following deployment descriptor elements:
servlet instance, servlet name, servlet class, servlet
initialization parameters, and URL to named servlet
mapping.

Coverage Notes:

All of the objectives in this section are covered
completely in other chapters, so think of this
chapter as a first-look foundation for what
comes later. In other words, don't worry
about finishing this chapter knowing (and
remembering) anything specific from these
objectives.

You won't have any mock exam questions on
these topics until you get to the more specific
chapter where those topics are covered.

Enjoy this nice, simple, background material
while you can!

BUT you do need to know this stuff before
moving on. If you already have some servlet
experience, you can probably just skim the
pages, look at the pictures, do the exercises, and
move on to chapter 3.
What is a Container?

Servlets don't have a main() method.
They're under the control of another Java
application called a Container.

Tomcat is an example of a Container. When your web server
application (like Apache) gets a request for a servlet (as
opposed to, say, a plain old static HTML page), the server
hands the request not to the servlet itself, but to the Container
in which the servlet is deployed. It's the Container that gives the
servlet the HTTP request and response, and it's the Container
that calls the servlet's methods (like doPost() or doGet()).
What if you had Java, but no
servlets or Containers?

What if you had to write a Java program to
handle dynamic requests that come to a web
server application (like Apache) but without a
Container like Tomcat? In other words, imagine
there's no such thing as servlets, and all you have
are the core J2SE libraries? (Of course, you can
assume you have the capability
of configuring the web server
application so that it can invoke
your Java application.) It's OK if
you don't yet know much about
what the Container does. Just
imagine you need server-side
support for a web application, and
all you have is plain old Java.

List some of the functions you would have to implement in
a J2SE application if no Container existed:

* Create a socket connection with the server, and create a listener for the socket
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What does the Container give you? 

\\V know that it's tin* Container that manages and runs the 
servlet, but ;< //)'? Is it worth the extra overhead? 


Communications support 


provides an easy way for your servlets to talk to your web 
server. You don't have to build a ServerSocket, listen 
on a port, create streams, etc. I he Container knows the 
protocol between the web server and itself, so that your 
servlet doesn't have to worry about an API between, sav. 
the Apache web server and your own web application 
code. All you have to worry about is your own business 
logic tliat goes in your Servlet dike accepting an order 
from yout online store). 


Lifecycle Management 


controls the life ami death of vour servlets. It 
takes care of loading the classes, instantiating and 
initializing the servlets, invoking the servlet methods, 
and making servlet instances eligible lor garbage 
collection. With the Containet in control, jrou don't 
have to worry as much about resource management. 


Multithreading Support 


The Container automatically creates a new Java thread for every servlet
request it receives. When the servlet's done running
the HTTP service method for that client's request, the
thread completes (i.e. dies). This doesn't mean you're
off the hook for thread safety; you can still run into
synchronization issues. But having the server create and
manage threads for multiple requests still saves you a lot
of work.
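
The synchronization caveat above, as an added example (not from the book): a Container normally shares one servlet instance among its request threads, so per-request data kept in an instance field can leak between users. The handler classes are hypothetical plain-Java stand-ins for a servlet, so the sketch runs without a Container.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class SharedStateDemo {

    /** Hypothetical stand-in for a servlet's request-handling method. */
    interface Handler {
        String handle(String user);
    }

    /** Keeps per-request data in an instance field: every request thread shares it. */
    static class UnsafeHandler implements Handler {
        private String currentUser;

        public String handle(String user) {
            currentUser = user;               // request A writes the field...
            Thread.yield();                   // ...request B may overwrite it here...
            return "Hello, " + currentUser;   // ...so A can be answered with B's name
        }
    }

    /** Keeps per-request data in a local variable: private to the calling thread. */
    static class SafeHandler implements Handler {
        public String handle(String user) {
            String current = user;
            Thread.yield();
            return "Hello, " + current;
        }
    }

    /** Sends concurrent requests to ONE shared handler and counts replies naming the wrong user. */
    static int countMixups(Handler handler, int requests) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < requests; i++) {
            final String user = "user" + i;   // constructed sample user names
            results.add(pool.submit(() -> !handler.handle(user).equals("Hello, " + user)));
        }
        int mixups = 0;
        for (Future<Boolean> wrong : results) {
            if (wrong.get()) {
                mixups++;
            }
        }
        pool.shutdown();
        return mixups;
    }

    public static void main(String[] args) throws Exception {
        // The unsafe count varies from run to run; the safe count is always zero.
        System.out.println("unsafe mix-ups: " + countMixups(new UnsafeHandler(), 20000));
        System.out.println("safe mix-ups:   " + countMixups(new SafeHandler(), 20000));
    }
}
```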


Declarative Security 


With a Container, you
get to use an XML deployment descriptor to configure
and modify security without having to hard-code it
into your servlet (or any other) class code. Think about
that! You can manage and change your security without
touching and recompiling your Java source files.


JSP Support 


You already know how cool JSPs are.
Well, who do you think takes care of translating that JSP
code into real Java? Of course. The Container.


Thanks to the Container,
YOU get to concentrate more
on your own business logic 
instead of worrying about 
writing code for threading, 
security, and networking. 

You get to focus all your 
energy on making a fabulous 
online bubble wrap store, 
and leave the underlying 
services like security and 
JSP processing up to the 
container. 





How the Container handles a request 

We'll save some of the juicier bits for later in the book, but
here's a quick look:

(1) User clicks a link that has a URL to a servlet instead of a
static page.

(2) The container 'sees' that the request is for a servlet, so the
container creates two objects:

1) HttpServletResponse

2) HttpServletRequest

(3) The container finds the correct servlet based on the URL in the
request, creates or allocates a thread for that request, and
passes the request and response objects to the servlet thread.

(4) The container calls the servlet's service() method. Depending on
the type of request, the service() method calls either the doGet() or
doPost() method.

For this example, we'll assume the request was an HTTP GET.

(5) The doGet() method generates the dynamic page and stuffs the
page into the response object. Remember, the container still
has a reference to the response object!

(6) The thread completes, the container converts the response
object into an HTTP response, sends it back to the client, then
deletes the request and response objects.



How it looks in code (what makes
a servlet a servlet)

In the real world, servlets override either the doGet()
or doPost() method.

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class Ch2Servlet extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
                      throws IOException {

        PrintWriter out = response.getWriter();
        java.util.Date today = new java.util.Date();
        out.println("<html> " +
                    "<body>" +
                    "<h1 style=\"text-align:center\">" +
                    "HF's Chapter2 Servlet</h1>" +
                    "<br>" + today +
                    "</body>" +
                    "</html>");
    }
}

The doGet() parameters are where your servlet gets
references to the request and response
objects, which the Container creates.

You can get a PrintWriter from
the response object your servlet
gets from the Container. Use
the PrintWriter to write HTML
text to the response object.
(You can get other output
options, besides PrintWriter, for
writing, say, a picture instead of
HTML text.)



Q: I remember seeing doGet() and doPost(),
but on the previous page, you show a service()
method? Where did the service() method come
from?

A: Your servlet inherited it from HttpServlet,
which inherited it from GenericServlet which
inherited it from... ahhh, we'll do class hierarchies
to death in the Being a Servlet chapter, so you just
need a little more patience.


Q: You wimped out on explaining how the
container found the correct servlet... like, how
does a URL relate to a servlet? Does the user have
to type in the exact path and class file name of
the servlet?

A: No. Good question, though. But it points
to a Really Big Topic (servlet mapping and URL
patterns), so we'll take only a quick look on the next
few pages, but go into much more detail later in
the book (in the Deployment chapter).
You're wondering how the Container
found the Servlet...


Somehow, the URL that comes in as part of the request from the
client is mapped to a specific servlet on the server. This mapping
of URLs to servlets might be handled in a number of different
ways, and it's one of the most fundamental issues you'll face as
a web app developer. The user request must map to a particular
servlet, and it's up to you to understand and (usually) configure
that mapping. What do you think?



FLEX YOUR MIND

How should the Container map
servlets to URLs?


The user does something in the browser (clicks a link, hits the 'Submit'
button, enters a URL, etc.) and that something is supposed to send
the request to a specific servlet (or other web app resource like a
JSP) you built. How might that happen?

For each of the following approaches, think about the pros and cons.


(1) Hardcode the mapping into your HTML page. In other words, the
client is using the exact path and file (class) name of the servlet.


PROS:


CONS:


(2) Use your Container vendor's tool to do the mapping:

PROS: 

CONS: 

(3) Use some sort of properties table to store the mappings: 

PROS: 

CONS: 


A servlet can have THREE names 


A servlet has a file path name, obviously, like classes/registration/
SignUpServlet.class (a path to an actual class file). The original
developer of the servlet class chose the class name (and the package
name that defines part of the directory structure), and the location on
the server defines the full path name. But anyone who deploys
the servlet can also give it a special deployment name. A deployment
name is simply a secret internal name that doesn't have to be the same
as the class or file name. It can be the same as the servlet class name
(registration.SignUpServlet) or the relative path to the class file
(classes/registration/SignUpServlet.class), but it can also be something
completely different (like EnrollServlet).

Finally, the servlet has a public URL name: the name the client knows
about. In other words, the name coded into the HTML so that when
the user clicks a link that's supposed to go to that servlet, this public
URL name is sent to the server in the HTTP request.


"I'm gonna call this servlet the 'EnrollServlet'."


Client-known URL name

The client sees a URL for the
servlet (in the HTML), but doesn't
really know how that servlet name
maps to real directories and files
back on the server. The public URL
name is a fake name, made up for
clients.


Deployer-known secret internal name

The deployer can create a name
that's known only to the deployer
and others in the real operational
environment. This name, too, is a
fake name, made up just for the
deployment of the servlet. It doesn't
have to match the public URL used
by the client, OR the real file and
path name of the servlet class.


Actual file name

The developer's servlet class
has a fully-qualified name that
includes both the class name and
the package name. The servlet
class file has a real path and file
name, depending on where the
package directory structure
lives on the server.
"Well isn't that special how everyone
gets to express their creativity and
come up with their very own name for
the same darn thing. But what's the point!?
Really? Why don't we all just use the
one, real, non-confusing file name?"


Mapping servlet names
improves your app's flexibility
and security.

Think about it.

So you've hard-coded the real path and
file name into all the JSPs and other
HTML pages that use that servlet.

Great. Now what happens when you
need to reorganize your application,
and possibly move things into different
directory structures? Do you really want
to force everyone who uses that servlet to
know (and forever follow) that same directory
structure?

By mapping the name instead of coding
in the real file and path name, you
have the flexibility to move things
around without having the maintenance
nightmare of tracking down and
changing client code that refers to the
old location of the servlet files.

And what about security? Do you really
want the client to know exactly how
things are structured on your server?

Do you want them to, say, attempt to
navigate directly to the servlet without
going through the right pages or forms?
Because if the end-user can see the real
path, she can type it into her browser
and try to access it directly.
Using the deployment descriptor to map URLs to servlets

When you deploy your servlet into your web Container, you'll create a fairly simple XML
document called the Deployment Descriptor (DD) to tell the Container how to run your
servlets and JSPs. Although you'll use the DD for more than just mapping names, you'll use two
XML elements to map URLs to servlets: one to map the client-known public URL name to your
own internal name, and the other to map your own internal name to a fully-qualified class name.

The two DD elements for URL mapping:

(1) <servlet>

maps internal name to fully-qualified class name


(2) <servlet-mapping>

maps internal name to public URL name


<web-app ...>

  <servlet>
    <servlet-name>Internal name 1</servlet-name>
    <servlet-class>foo.Servlet1</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>Internal name 2</servlet-name>
    <servlet-class>foo.Servlet2</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Internal name 1</servlet-name>
    <url-pattern>/Public1</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>Internal name 2</servlet-name>
    <url-pattern>/Public2</url-pattern>
  </servlet-mapping>

</web-app>


This web app has two servlets.

The <servlet> element
tells the Container
which class files belong
to a particular web
application.

The <servlet-name> element is used to
tie a <servlet> element to a specific
<servlet-mapping> element. The end-user
NEVER sees this name; it's used only
in other parts of the DD.

Think of the <servlet-mapping> element
as what the Container uses
at runtime when a request
comes in, to ask, "which
servlet should I invoke for
this requested URL?"

The <url-pattern> is what the client sees (and uses) to
get to the servlet, but it's a made-up
name that is NOT the name of the actual
servlet class.

It's possible to use wildcards in the URL pattern.
More on that and paths later.
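
The two-step lookup described above, as an added sketch rather than the book's or any Container's code: it loads the sample DD and resolves a request path to a class name by exact match only. The class DdMappingDemo and its methods are hypothetical; real Containers apply more rules, including wildcards.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DdMappingDemo {

    // Constructed sample DD, using the same names as the listing above.
    static final String DD =
          "<web-app>"
        + "<servlet><servlet-name>Internal name 1</servlet-name>"
        + "<servlet-class>foo.Servlet1</servlet-class></servlet>"
        + "<servlet><servlet-name>Internal name 2</servlet-name>"
        + "<servlet-class>foo.Servlet2</servlet-class></servlet>"
        + "<servlet-mapping><servlet-name>Internal name 1</servlet-name>"
        + "<url-pattern>/Public1</url-pattern></servlet-mapping>"
        + "<servlet-mapping><servlet-name>Internal name 2</servlet-name>"
        + "<url-pattern>/Public2</url-pattern></servlet-mapping>"
        + "</web-app>";

    private final Map<String, String> nameToClass = new HashMap<>();  // from <servlet>
    private final Map<String, String> urlToName = new HashMap<>();    // from <servlet-mapping>

    DdMappingDemo(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Parse defensively: refusing any DOCTYPE also rules out external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        NodeList servlets = doc.getElementsByTagName("servlet");
        for (int i = 0; i < servlets.getLength(); i++) {
            Element e = (Element) servlets.item(i);
            nameToClass.put(text(e, "servlet-name"), text(e, "servlet-class"));
        }
        NodeList mappings = doc.getElementsByTagName("servlet-mapping");
        for (int i = 0; i < mappings.getLength(); i++) {
            Element e = (Element) mappings.item(i);
            String name = text(e, "servlet-name");
            if (!nameToClass.containsKey(name)) {
                throw new IllegalStateException("mapping for undeclared servlet-name: " + name);
            }
            urlToName.put(text(e, "url-pattern"), name);
        }
    }

    private static String text(Element parent, String tag) {
        NodeList nodes = parent.getElementsByTagName(tag);
        if (nodes.getLength() != 1) {
            throw new IllegalStateException("expected exactly one <" + tag + ">");
        }
        return nodes.item(0).getTextContent().trim();
    }

    /** Public URL name -> internal name -> class name; null when the path is not mapped. */
    String resolve(String requestPath) {
        String internalName = urlToName.get(requestPath);
        return internalName == null ? null : nameToClass.get(internalName);
    }

    public static void main(String[] args) throws Exception {
        DdMappingDemo dd = new DdMappingDemo(DD);
        String[] paths = {
            "/Public1", "/Public2",
            // Neither the class name, the file path nor the internal name is a URL:
            "/foo.Servlet1", "/classes/foo/Servlet1.class", "/Internal name 1"
        };
        for (String path : paths) {
            String cls = dd.resolve(path);
            System.out.println(path + " -> " + (cls == null ? "no mapping" : cls));
        }
        // The mapping hides the server layout; it is not an access check. Anything
        // mapped is reachable by whoever requests its public name, so restricting
        // who may call a servlet is a job for the DD's security settings.
    }
}
```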
But wait! There's more you
can do with the DD


Besides mapping URLs to actual servlets, you can
use the DD to customize other aspects of your web
application including security roles, error pages,
tag libraries, initial configuration information, and
if it's a full J2EE server, you can even declare that
you'll be accessing specific enterprise javabeans.

Don't worry about the details yet. The crucial
point for now is that the DD gives you a way to
declaratively modify your application without
changing source code!

Think about this... it means that even those who
aren't Java programmers can customize your Java
web application without having to drag you back
from your tropical vacation.


Q: I'm confused. Looking at the DD, you still don't
have anything that indicates the actual path name of
the servlet! It just says the class name. This still doesn't
answer the question of how the Container uses that
class name to find a specific servlet class file. Is there
yet ANOTHER mapping somewhere that says that such
and such a class name maps to such and such a file in
such and such a location?

A: You noticed. You're right that we put only the class
name (fully-qualified to include the package name) into
the <servlet-class> element. That's because the Container
has a specific place it will look for all servlets for which
you've specified a mapping in the DD.

In fact, the Container uses a sophisticated set of rules for
finding a match between the URL that comes in from the
client request and an actual Java class sitting somewhere
on the server. But we'll get into that in a later chapter (on
Deployment). Right now, the key point to remember is
that you can do this mapping.


The deployment descriptor (DD)
provides a "declarative" mechanism
for customizing your web applications
without touching source code!


DD Benefits

■ Minimizes touching source code that
has already been tested.

■ Lets you fine-tune your app's
capabilities, even if you don't have the
source code.

■ Lets you adapt your application to
different resources (like databases),
without having to recompile and test
any code.

■ Makes it easier for you to maintain
dynamic security info like access
control lists and security roles.

■ Lets non-programmers modify and
deploy your web applications while
you can focus on the more interesting
things. Like how appropriate your
wardrobe isn't for a trip to Hawaii.


Story: Bob Builds a Matchmaking Site

Dating is tough today. Who has the time when there's always another
disk to defrag? Bob, who wants a piece of the dot-com action (what's
left of it, anyway), believes that creating a geek-specific dating site is
his ticket out of the Dilbertian job he has now.

The problem is, Bob's been a software manager for so long that he's,
um, a little out of touch with contemporary software engineering
practices. But he knows some buzzwords and some Java and he's read
a little about servlets, so he makes a quick design and starts to code...


"I want an Agile Dating site where
geeks can meet and hook up.
Because not everybody
gets lucky at a Linux
Installathon."

[Figure: GeekDates home page mock-up, "78% of our transactions end in commit." Panels: Join (input your stats), DQL query (compose your Dating Query Language (DQL) query here), Refactor my Profile (modify your profile).]
He starts to build a bunch of servlets...
one for each page


He considered having just a single servlet, with a bunch of if
tests, but decided that separate servlets would be more OO—each
servlet should have one responsibility like the query page, the
sign-up page, the search results page, etc.

Each servlet will have all the business logic it needs to modify or
read the database, and prints the HTML to the response stream
back to the client.

// import statements
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class DatingServlet extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
                      throws IOException {

        // business logic goes here, depending
        // on what this servlet is supposed to do
        // (write to the database, do the query, etc.)

        PrintWriter out = response.getWriter();

        // compose the dynamic HTML page

        out.println("something really ugly goes here");

    }

}



But then it gets ugly, so he adds JSPs


Those pesky println() statements for the output response get really
ugly, really quickly. So he reads up on JSPs and decides to have each
servlet do whatever business logic it needs to do (query the database,
insert or update a new record, etc.) then forward the request to a JSP to
do the HTML for the response. This also separates the business logic
from the presentation... and since he's been reading up on design, he
knows that separation of concerns is a Good Thing.

// import statements


public class DatingServlet extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
                      throws IOException {

        // business logic goes here, depending
        // on what this servlet is supposed to do
        // (write to the database, do the query, etc.)

        // forward the request to a specific JSP page
        // instead of trying to print the HTML
        // to the output stream
    }
}




"This JSP design is much
cooler. Now the servlet code is
cleaner: each servlet runs its
own business logic and then invokes a
specific JSP to handle the HTML for
the response, separating business
logic from presentation."

[Figure: one servlet per page (InputSignupServlet, AcceptSignupServlet, InputProfileChangesServlet, AcceptProfileChangesServlet, MainPageServlet, InputDQLServlet, DoDQLQueryServlet), each with its own JSP (InputSignupJSP, AcceptSignupJSP, InputProfileChangesJSP, AcceptProfileChangesJSP, MainPageJSP, InputDQLJSP, DoDQLQueryJSP).]

[Figure: Client, web server/container, DoDQLQueryServlet, DoDQLQueryJSP, HTML response.]

Client fills out the DQL
query form and clicks the
"Do it" button. This sends
an HTTP POST request
for the DoDQLQuery.
The web server invokes
the servlet, the servlet
runs the query on the
database, then the
request is forwarded to
the appropriate JSP. The
JSP builds the response
HTML and sends it back.
But then his friend says, "You ARE
using MVC, right?"

Kim wants to know if the dating service can be accessed from
a Swing GUI application. Bob says, "No, I hadn't thought of
that." So Kim says, "Well, it's not a problem because I'm sure
you used MVC, so we can just whip up a Swing GUI client
that can access the business logic classes."

And Bob says, "Gulp."

And Kim says, "Don't tell me... you did not use MVC?"

And Bob says, "Well, I did separate out the presentation from
the business logic..."

Kim says, "That's a start... but let me guess... your business
logic is all inside servlets?"

Bob realizes, suddenly, why he went into management.

But he's determined to do this right, so he asks Kim to give
him a quick crash overview of MVC.


With MVC the business logic is not only
separate from the presentation... it doesn't
even know that there IS a presentation.


The essence of MVC is that you separate the business logic from
the presentation, but put something between them so that the
business logic can stand on its own as a reusable Java class, and
doesn't have to know anything about the view.

Bob was partly there, by separating out the business logic from
the presentation, but his business logic still has an intimate
connection to the view. In other words, he mixed the business logic
into a servlet, and that means he can't reuse his business logic for
some other kind of view (like a Swing GUI or even a wireless
app). His business logic is stuck in a servlet when it should be in a
standalone Java class he can reuse!
The Model-View-Controller (MVC)
Design Pattern fixes this

If Bob had understood the MVC design pattern, he would
have known that the business logic shouldn't be stuffed inside
a servlet. He would have realized that with the business
logic embedded in a servlet, he'd be screwed if he one day
needed a different way to access the dating service. Like
from a Swing GUI app. We'll talk a lot more about MVC
(and other patterns) later in the book, but you need a quick
understanding now because the tutorial app we build at the
end of this chapter uses MVC.

If you're already familiar with it, then you know that MVC
is not specific to servlets and JSPs; the clean separation of
business logic and presentation is just as valid in any other
kind of application. But with web apps, it's really important,
because you should never assume that your business logic
will be accessed only from the web! We're sure you've worked
in this business long enough to know the only guarantee in
software development: the spec always changes.


Model-View-Controller
(MVC) takes the business
logic out of the servlet,
and puts it in a "Model" -
a reusable plain old
Java class. The Model
is a combination of the
business data (like the
state of a Shopping Cart)
and the methods (rules)
that operate on that data.


MVC in the Servlet & JSP world


CONTROLLER (Servlet)

Takes user input from the request
and figures out what it means to
the model.

Tells the model to update itself,
and makes the new model state
available for the view (the JSP).


VIEW

Responsible for the
presentation. It gets the
state of the model from
the Controller (although not
directly; the Controller puts
the model data in a place where
the View can find it). It's also
the part that gets the user
input that goes back to the
Controller.


MODEL

Holds the real business logic and the
state. In other words, it knows the
rules for getting and updating the
state.

A Shopping Cart's contents (and the
rules for what to do with it) would be
part of the Model in MVC.

It's the only part of the system that
talks to the database (although it
probably uses another object for the
actual DB communication, but we'll
save that pattern for later.)
Applying the MVC pattern to
the matchmaking web app


So, Bob knows what he has to do. Separate out
the business logic from the servlets, and create a
regular Java class for each one... to represent the
Model.

Then the original servlet will be the Controller, the
new business logic class will be the Model, and the
JSP will be the View.

[Figure: a Model class for each servlet (InputSignupModel, AcceptSignupModel, InputProfileChangesModel, AcceptProfileChangesModel, MainPageModel, InputDQLModel, DoDQLQueryModel), the servlets as Controllers (InputSignupServlet, AcceptSignupServlet, InputProfileChangesServlet, AcceptProfileChangesServlet, MainPageServlet, InputDQLServlet, DoDQLQueryServlet), and the JSPs as Views (InputDQLJSP, DoDQLQueryJSP, ...).]
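
One way the DoDQLQuery piece could look after Bob's refactoring, as an added example that is not the book's code. DqlQueryModel, DoDqlQueryController, ConsoleClient, the interest parameter, the matches attribute and /DoDQLQuery.jsp are hypothetical names, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** MODEL: plain Java with no servlet types, so any kind of view can reuse it. */
class DqlQueryModel {

    // Constructed sample data standing in for the database.
    private final List<String> profiles = Arrays.asList(
            "kim: java, swing", "bob: management, java", "ann: linux, perl");

    /** Business rule: the rule for valid input lives here, not in the servlet. */
    List<String> findMatches(String interest) {
        if (interest == null || interest.trim().isEmpty() || interest.length() > 40) {
            throw new IllegalArgumentException("interest must be 1-40 characters");
        }
        String needle = interest.trim().toLowerCase(Locale.ROOT);
        List<String> matches = new ArrayList<>();
        for (String profile : profiles) {
            if (profile.contains(needle)) {
                matches.add(profile);
            }
        }
        return matches;
    }
}

/** CONTROLLER: works out what the request means to the model, then hands off to the view. */
public class DoDqlQueryController extends HttpServlet {

    // The model holds no per-request state, so request threads can share it.
    private final DqlQueryModel model = new DqlQueryModel();

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            List<String> matches = model.findMatches(request.getParameter("interest"));
            // "A place where the View can find it": a request attribute.
            // The JSP must HTML-escape these values when it renders them.
            request.setAttribute("matches", matches);
            RequestDispatcher view = request.getRequestDispatcher("/DoDQLQuery.jsp");
            view.forward(request, response);
        } catch (IllegalArgumentException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid query");
        }
    }
}

/** A second, non-web client: the same model with no servlet or JSP involved. */
class ConsoleClient {
    public static void main(String[] args) {
        System.out.println(new DqlQueryModel().findMatches("java"));
    }
}
```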
But then his friend Kim takes a look


Kim comes in and says that while it IS an MVC design, it's a
dumb one. Sure, the business logic has been pulled out into a
Model, and the servlets act as the Controllers working between
the Models and Views so that the Models can be brain-dead about
the Views. That's all good. But look at all those little servlets.

What do they even do? Now that the business logic is safely tucked
away in the Model, the servlet Controller isn't doing much except
some generic application stuff for this app, and, oh yeah, it does
update the Model and then it kicks the View into gear.

But the worst part is that all that generic application logic is
duplicated in every single frickin' servlet! If one thing needs to
change, it has to change everywhere. A maintenance train wreck
waiting to happen.

"Yeah, I felt a little weird about the duplicate code," says Bob,

"but what else can I do? Surely you don't mean for me to put
everything in a single servlet again? How could that be good?"
Is there an answer?


FLEX YOUR MIND


Leave this for you to ponder, we will.

What do you think? Do you know the
answer? IS there an answer? Would you
agree with Bob, and leave the servlets
as they are, or would you put the code
into just one servlet Controller? And,
if you do use just one Controller for
everything, how will the Controller
know which Model and View to
call?

The answer to this question won't
come until the very end of the book, so
think about this for a few moments, then
put it in a mental background thread...
Sharpen your pencil


(1) Using MVC in a servlet & JSP world, each
of these three components (JSP, Java class,
Servlet) plays one of the three MVC roles. Circle
the "M", the "V", or the "C" depending on which
MVC part that component plays. Circle only one
letter per component.

JSP                       M   V   C

non-servlet Java class    M   V   C

Servlet                   M   V   C


(2) What do the letters MVC represent in the MVC
design pattern?

M stands for _

V stands for _

C stands for _


■ The Container gives your web app
communications support, lifecycle
management, multithreading support,
declarative security, and support for JSPs,
so that you can concentrate on your own
business logic.

■ The Container creates a request and
response object that servlets (and other parts
of the web app) can use to get information
about the request and send information to the
client.

■ A typical servlet is a class that extends
HttpServlet and overrides one or more service
methods that correspond to HTTP methods
invoked by the browser (doGet(), doPost(),
etc.).

■ The deployer can map a servlet class to a
URL that the client can use to request that
servlet. The name may have nothing to do
with the actual class file name.
Who's responsible?

Fill in the table below, indicating whether the web server, the web container, or
a servlet is most responsible for the task listed. In a few cases, more than one
answer may be true for a given task. For extra credit, add a brief comment
describing the process.


Task                                                             | Web server | Container | Servlet
Creates the request & response objects                           |            |           |
Calls the service() method                                       |            |           |
Starts a new thread to handle requests                           |            |           |
Converts a response object to an HTTP response                   |            |           |
Knows HTTP                                                       |            |           |
Adds HTML to the response object                                 |            |           |
Has a reference to the response objects                          |            |           |
Finds URLs in the DD                                             |            |           |
Deletes the request and response objects                         |            |           |
Coordinates making dynamic content                               |            |           |
Manages lifecycles                                               |            |           |
Has a name that matches the <servlet-class> element in the DD    |            |           |
Exercise


Code Magnets

A working servlet and its DD are scrambled up on
the fridge. Can you add the code snippets on the
right to the incomplete listings on the left to make
a working servlet and DD whose URL ends with
/Dice? There might be some extra magnets on the
right that you won't use at all!


<web-app ...>

(Remember, this isn't the complete <web-app> opening
tag —a complete example is at the end of this chapter.
It doesn't affect this exercise.)


<servlet-name>


Code Magnets, continued...


import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

PrintWriter out

response.getWriter();

}

</servlet-mapping>

HttpServletResponse response)

ServletResponse response,

<servlet-name>

</servlet-class>
Exercise Solutions


Task    Web server    Container    Servlet


Creates the request & response objects
    Just before starting the thread

Calls the service() method
    Then service() method calls doGet() or doPost()

Starts a new thread to handle requests
    Starts a servlet thread

Converts a response object to an HTTP response

Knows HTTP
    Uses it to talk to the client browser

Adds HTML to the response object
    The dynamic content for the client

Has a reference to the response objects
    Container gives it to the servlet
    Uses it to print a response

Finds URLs in the DD
    To find the correct servlet for the request

Deletes the request and response objects
    ... is finished

Coordinates making dynamic content
    Knows how to forward to the Container
    Knows who to call

Manages lifecycles
    Calls service method (and others you'll see)

Has a name that matches the <servlet-class> element in the DD
    public class Whatever
A "working" deployment descriptor (DD)

Don't worry about what any of this really means (you'll see and be
tested on this in other chapters). Here, we just wanted to show you a
web.xml DD that actually works. (The other examples in this chapter
were missing a lot of the pieces that go into the opening <web-app>
tag. You can see why we don't usually include it in our examples.)

The way we usually show it in the book

<web-app ...>

  <servlet>
    <servlet-name>Ch3 Beer</servlet-name>
    <servlet-class>com.example.web.BeerSelect</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Ch3 Beer</servlet-name>
    <url-pattern>/SelectBeer.do</url-pattern>
  </servlet-mapping>

</web-app>


The way it REALLY works

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

  <servlet>
    <servlet-name>Ch3 Beer</servlet-name>
    <servlet-class>com.example.web.BeerSelect</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Ch3 Beer</servlet-name>
    <url-pattern>/SelectBeer.do</url-pattern>
  </servlet-mapping>

</web-app>



How J2EE fits into all this

The Java 2 Enterprise Edition is kind of a super-spec:
it incorporates other specifications, including
the Servlets 2.4 spec and the JSP 2.0 spec. That's for
the web Container. But the J2EE 1.4 spec also includes
the Enterprise JavaBean 2.1 specification, for the EJB
Container. In other words, the web Container is for web
components (Servlets and JSPs), and the EJB Container is
for business components.

A fully-compliant J2EE application server must have both
a web Container and an EJB Container (plus other things
including a JNDI and JMS implementation). Tomcat is
just a web Container! It is still compliant with the
portions of the J2EE spec that address the web Container.

Tomcat is a web Container, not a full J2EE application
server, because Tomcat does not have an EJB Container.


A J2EE application server
includes both a web
Container AND an EJB
Container.

Tomcat is a web Container,
but NOT a full J2EE
application server.

A J2EE 1.4 server includes
the Servlet spec 2.4, JSP spec
2.0, and EJB spec 2.1.


[Figure: a J2EE Application Server containing a Web Container (Servlets & JSPs) and an EJB Container (Enterprise JavaBeans).]



Q: So Tomcat is a standalone web Container... does
that mean there are standalone EJB Containers?


A: In the old days, say, the year 2000, you could
find complete J2EE application servers, standalone web
Containers, and standalone EJB Containers. But today,
virtually all EJB Containers are part of full J2EE servers,
although there are still a few standalone web Containers,
including Tomcat and Resin. Standalone web Containers
are usually configured to work with an HTTP web server
(like Apache), although the Tomcat Container does have
the ability to act as a basic HTTP server. But for HTTP
server capability, Tomcat is not nearly as robust as Apache,
so the most common non-EJB web apps usually use
Apache and Tomcat configured together—with Apache as
the HTTP web Server, and Tomcat as the web Container.

Some of the most common J2EE servers are BEA's
WebLogic, the open source JBoss AS, and IBM's WebSphere.

3 hands-on MVC

Mini MVC Tutorial

Create and deploy an MVC web app. It's time to get your hands
dirty writing an HTML form, a servlet controller, a model (plain old Java class), an
XML deployment descriptor, and a JSP view. Time to build it, deploy it, and test it.
But first, you need to set up your development environment—a project directory
structure that's separate from your actual deployed app. Next, you need to set up
your deployment environment following the servlet and JSP specs and Tomcat
requirements. Then you're ready to start writing, compiling, deploying, and running.
True, this is a very small app we're building. But there's almost NO app that's too
small to use MVC. Because today's small app is tomorrow's dot-com success.


Official Sun exam objectives

Web Application Deployment

2.1 Construct the file and directory structure of a web
application that may contain (a) static content, (b)
JSP pages, (c) servlet classes, (d) the deployment
descriptor, (e) tag libraries, (f) JAR files, and (g)
Java class files. Describe how to protect resource
files from HTTP access.

2.2 Describe the purpose and semantics for each of
the following deployment descriptor elements:
error-page, init-param, mime-mapping, servlet,
servlet-class, servlet-mapping, servlet-name, and
welcome-file.

2.3 Construct the correct structure for each of the
following deployment descriptor elements:
error-page, init-param, mime-mapping, servlet,
servlet-class, servlet-name, and welcome-file.

Coverage Notes:

All of the objectives in this section are covered
completely in the Deployment chapter; this
is just a first look. This chapter is the only
complete start-to-finish tutorial in the book,
so if you skip it, you might have trouble later
testing some of the other examples in later
chapters (where we don't go through every
detail again).

As with the previous two chapters, you don't
need to focus on memorizing the content in this
chapter. Just get in there and do it.

Let's build a real (small) web application

We looked at the role of a container, we talked a bit about
deployment descriptors, and we took a first look at the Model 2
MVC architecture. But you can't just sit here and read all day;
now it's time to actually do something.

The four steps we'll follow:

(1) Review the user's views (what the browser
will display), and the high level architecture.

(2) Create the development environment that we
will use for this project (which you can use for
any other example in the book).

(3) Create the deployment environment that we
will use for this project (which you can use for
any other example in the book).

(4) Perform iterative development and testing on the
various components of our web application. (OK,
this is more of a strategy than a step.)

Note: We recommend iterative development and testing,
although we won't always show all the steps in this book.

The User's View of the web application—a Beer Advisor

Our web application is a Beer Advisor. Users will be able to
surf to our app, answer a question, and get back stunningly
useful beer advice.

[Figure: form.html shown in a browser as the "Beer Selection Page", with the prompt "Select beer characteristics", a "Color" drop-down set to "light", and a Submit button.]

This page will be written in HTML, and will generate
an HTTP POST request, sending the user's color
selection as a parameter.

The result page will be a JSP that gives the advice
based on the user's choice.

Q: Why are we writing a web
application that gives beer advice?

A: After an exhaustive marketing
research effort, we concluded that
90% of our readers appreciate beer.
The other 10% can simply substitute
the word "coffee" for "beer".

Here's the architecture...

Even though this is a tiny application, we'll build it using a simple
MVC architecture. That way, when it becomes THE hottest site on
the web, we'll be ready to extend the application.

[Figure: the browser, the Container, and the BeerExpert model component, annotated with the numbered steps below.]

1 - The client makes a request
for the form.html page.

2 - The Container retrieves the
form.html page.

3 - The Container returns the
page to the browser, where the
user answers the questions on
the form and...

4 - The browser sends the
request data to the Container.

5 - The Container finds the
correct servlet based on the
URL, and passes the request to
the servlet.

6 - The servlet calls the
BeerExpert for help.

7 - The expert class returns an
answer, which the servlet adds
to the request object.

8 - The servlet forwards the
request to the JSP.

9 - The JSP gets the answer
from the request object.

10 - The JSP generates a page
for the Container.

11 - The Container returns the
page to the happy user.

Creating your development environment

There are lots of ways you could organize your development directory structure, but
here's what we recommend for small- and medium-sized projects. When it's time
to deploy the web app, we'll copy a portion of this into wherever our particular
Container wants the pieces to go. In this tutorial, we’re using Tomcat 5.| 

Creating the deployment environment

Deploying a web app involves both Container-specific rules and
requirements of the Servlets and JSP specifications. If you're not
deploying to Tomcat, you'll have to figure out exactly where your web
app should be relative to your Container. In our example, everything
below the "Beer-v1" directory is the same regardless of your Container!

[Figure: the deployment directory tree, holding form.html, result.jsp, web.xml, BeerSelect.class and BeerExpert.class. Its callouts follow.]

Tomcat-specific: This part of the directory structure is
required by Tomcat, and it must be directly
inside the Tomcat home directory.

The name of the web app: This directory name also represents
the "context root" which Tomcat
uses when resolving URLs. We'll
explore this concept in great detail
in the deployment chapter.

Everything BELOW this dotted line IS the webapp, and
will be the same regardless of
your Container vendor.

Part of the Servlets specification: WEB-INF.

This web.xml file MUST be in WEB-INF.

This package structure is exactly what we used
in the development environment. Unless you're
deploying your classes in a JAR (we'll talk about
that later in the book), then you MUST put the
package directory structure immediately under
WEB-INF/classes.

Our roadmap for building the app

When we started this chapter we outlined a four-step process for developing our web app.
So far we've:

1 - reviewed the user views for our web app

2 - looked at the architecture

3 - set up the development and deployment environments for creating and deploying the app

Now it's time for step 4, creating the app.

We borrow from several popular development methodologies (a little from extreme
programming, iterative development), and mangle them for our own evil purposes...

The five steps we'll follow (in step 4):

(4a) Build and test the HTML form that the user will first request.

(4b) Build and test version 1 of the controller servlet with the
HTML form. This version is invoked via the HTML form and
prints the parameter it receives.

(4c) Build a test class for the expert / model class, then build and
test the expert / model class itself.

(4d) Upgrade the servlet to version 2. This version adds the
capability of calling the model class to get beer advice.

(4e) Build the JSP, upgrade the servlet to version 3 (which adds
the capability of dispatching to the JSP), and test the whole app.

The HTML for the initial form page

The HTML is simple: it puts up the heading text, the drop-down list
from which the user selects a beer color, and the submit button.

    <html><body>
    <h1 align="center">Beer Selection Page</h1>
    <form method="POST"
          action="SelectBeer.do">
      Select beer characteristics<p>
      Color:
      <select name="color" size="1">
        <option value="light"> light </option>
        <option value="amber"> amber </option>
        <option value="brown"> brown </option>
        <option value="dark"> dark </option>
      </select>
      <br><br>
      <center>
        <input type="SUBMIT">
      </center>
    </form></body></html>

method="POST": Why did we choose POST instead of GET?

action="SelectBeer.do": This is what the HTML thinks the
servlet is called. There is NOTHING
in your directory structure named
"SelectBeer.do"! It's a logical name.

<select>: This is how we created the pull-
down menu; your options may vary.
(Did you figure out size="1"?)

Q: Why is the form submitting to "SelectBeer.do" when there is NO servlet with
that name? In the directory structures we looked at earlier, I didn't see anything that
had the name "SelectBeer.do". And what's with the ".do" extension anyway?

A: SelectBeer.do is a logical name, not an actual file name. It's simply the name we
want the client to use! In fact the client will NEVER have direct access to the servlet class
file, so you won't, for example, create an HTML page with a link or action that includes a
path to a servlet class file.

The trick is, we'll use the XML Deployment Descriptor (web.xml) to map from what the
client requests ("SelectBeer.do") to an actual servlet class file the Container will use when
a request comes in for "SelectBeer.do". For now, think of the ".do" extension as simply part
of the logical name (and not a real file type). Later in the book, you'll learn about other
ways in which you can use extensions (real or made-up/logical) in your servlet mappings.

Deploying and testing the opening page

To test it, you need to deploy it into the Container (Tomcat) directory
structure, start Tomcat, and bring up the page in a browser.

(1) Create the HTML in your development environment

Create this HTML file, call it form.html, and save it in your development
environment under the /beerV1/web/ directory.

(2) Copy the file into the deployment environment

Place a copy of the form.html file into tomcat/webapps/Beer-v1/.
(Remember, your tomcat home directory might have a different name.)

(3) Create the DD in your development environment

Create this XML document, name it web.xml, and save it in your
development environment under the /beerV1/etc/ directory.

    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
        version="2.4">

      <servlet>
        <servlet-name>Ch3 Beer</servlet-name>
        <!-- fully-qualified name of the servlet class -->
        <servlet-class>com.example.web.BeerSelect</servlet-class>
      </servlet>

      <servlet-mapping>
        <servlet-name>Ch3 Beer</servlet-name>
        <!-- the logical name the client uses, relative to the context root -->
        <url-pattern>/SelectBeer.do</url-pattern>
      </servlet-mapping>

    </web-app>

The main job of this DD is to define the mapping between the logical
name the client uses for the request ("SelectBeer.do") and the actual
servlet class file (com.example.web.BeerSelect).

(4) Copy the file into the deployment environment

Place a copy of the web.xml file into
tomcat/webapps/Beer-v1/WEB-INF/.

You MUST place it there or the Container won't find it and
nothing will work, and you'll become depressed.

(5) Start Tomcat

Throughout this book we're using Tomcat as both the
web Server and the web Container. In the real world, you
probably use a more robust Web Server (like Apache)
configured with a Web Container (like Tomcat). But Tomcat
makes a perfectly decent Web Server for everything we
need to do in this book.

To start Tomcat, cd into the tomcat home directory and run
bin/startup.sh.

    % cd tomcat
    % bin/startup.sh

(6) Test the page

Open the HTML page in your browser
and type:

    http://localhost:8080/Beer-v1/form.html

You should see something like the
screen shot here.

[Screenshot: the browser at http://localhost:8080/Beer-v1/form.html showing the "Beer Selection Page" with "Select beer characteristics" and the Color drop-down set to "light".]

Mapping the logical name to a servlet class file

Diane fills out the form and hits submit. The browser
generates the request URL:

    /Beer-v1/SelectBeer.do

[Figure: the Client sends "POST /Beer-v1/SelectBeer.do HTTP/1.1" to the Container. In the URL, Beer-v1 is the web app context root and SelectBeer.do is the logical resource name.]

The Container searches the DD
and finds a <servlet-mapping>
with a <url-pattern> that
matches /SelectBeer.do, where
the slash (/) represents the
context root of the web app, and
SelectBeer.do is the logical name
of a resource.

The Container sees that the <servlet-
name> for this <url-pattern> is "Ch3
Beer". But that isn't the name of an
actual servlet class file. "Ch3 Beer" is
the name of a servlet, not a servlet
class!

To the Container, a servlet is something
named in the DD under a <servlet> tag.
The name of the servlet is simply the
name used in the DD so that other
parts of the DD can map to it.

The Container looks inside the
<servlet> tags for something with
the <servlet-name> "Ch3 Beer".

The Container uses the
<servlet-class> in the <servlet>
tag to know which servlet class
is responsible for handling this
request. If the servlet has
not been initialized, the class
is loaded and the servlet is
initialized.

The Container starts a new thread to
handle the request, and passes the
request to the thread (to the servlet's
service() method).

The Container sends the response (through the
Web Server, of course) back to the client.
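
The lookup chain walked through above (request URL, then <url-pattern>, then <servlet-name>, then <servlet-class>) can be traced in a few lines of plain Java. This is an added example, not code from the book and not how Tomcat is implemented; `DdResolver` and its method names are hypothetical, and it handles only exact-match patterns like the one in this chapter's DD.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DdResolver {

    // The chapter's DD, embedded so the example runs without Tomcat.
    static final String WEB_XML =
          "<web-app xmlns=\"http://java.sun.com/xml/ns/j2ee\" version=\"2.4\">"
        + "  <servlet>"
        + "    <servlet-name>Ch3 Beer</servlet-name>"
        + "    <servlet-class>com.example.web.BeerSelect</servlet-class>"
        + "  </servlet>"
        + "  <servlet-mapping>"
        + "    <servlet-name>Ch3 Beer</servlet-name>"
        + "    <url-pattern>/SelectBeer.do</url-pattern>"
        + "  </servlet-mapping>"
        + "</web-app>";

    private final String contextRoot;                       // e.g. "/Beer-v1"
    private final Map<String, String> classByName = new HashMap<>();
    private final Map<String, String> nameByPattern = new HashMap<>();

    DdResolver(String contextRoot, String webXml) throws Exception {
        this.contextRoot = contextRoot;
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // A DD needs no DOCTYPE; refusing one avoids external-entity processing.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
            .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));

        // <servlet>: servlet-name -> servlet-class
        NodeList servlets = doc.getElementsByTagNameNS("*", "servlet");
        for (int i = 0; i < servlets.getLength(); i++) {
            Element s = (Element) servlets.item(i);
            classByName.put(child(s, "servlet-name"), child(s, "servlet-class"));
        }
        // <servlet-mapping>: url-pattern -> servlet-name
        NodeList mappings = doc.getElementsByTagNameNS("*", "servlet-mapping");
        for (int i = 0; i < mappings.getLength(); i++) {
            Element m = (Element) mappings.item(i);
            nameByPattern.put(child(m, "url-pattern"), child(m, "servlet-name"));
        }
    }

    private static String child(Element parent, String localName) {
        return parent.getElementsByTagNameNS("*", localName)
                     .item(0).getTextContent().trim();
    }

    /** Returns the servlet class for a request URI, or null if the DD maps nothing to it. */
    String resolve(String requestUri) {
        if (!requestUri.startsWith(contextRoot + "/")) {
            return null;                                    // belongs to some other web app
        }
        // Strip the context root: "/Beer-v1/SelectBeer.do" becomes "/SelectBeer.do"
        String path = requestUri.substring(contextRoot.length());
        String servletName = nameByPattern.get(path);       // url-pattern -> servlet-name
        if (servletName == null) {
            return null;                                    // no servlet mapped to this path
        }
        return classByName.get(servletName);                // servlet-name -> servlet-class
    }

    public static void main(String[] args) throws Exception {
        DdResolver dd = new DdResolver("/Beer-v1", WEB_XML);
        String[] uris = {
            "/Beer-v1/SelectBeer.do",                       // logical name from form.html
            "/Beer-v1/com/example/web/BeerSelect",          // a class name is not a mapped URL
            "/Other-app/SelectBeer.do"                      // different context root
        };
        for (String uri : uris) {
            System.out.println(uri + " -> " + dd.resolve(uri));
        }
    }
}
```

Only the first URI resolves to a class; the client reaches the servlet solely through the name the DD publishes.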

The first version of the controller servlet

Our plan is to build the servlet in stages, testing the various communication
links as we go. In the end, remember, the servlet will accept a parameter from
the request, invoke a method on the model, save the information in a place the JSP
can find, and forward the request to the JSP. But for this first version, our goal
is just to make sure that the HTML page can properly invoke the servlet, and
that the servlet is receiving the HTML parameter correctly.

Servlet code

    package com.example.web;

    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;

    public class BeerSelect extends HttpServlet {

        // We'll use doPost to handle the HTTP request,
        // because the HTML form says: method=POST
        public void doPost(HttpServletRequest request,
                           HttpServletResponse response)
                           throws IOException, ServletException {

            // This method comes from the ServletResponse interface
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.println("Beer Selection Advice<br>");

            // This method comes from the ServletRequest interface.
            // Notice that the argument matches the value of the
            // name attribute in the HTML's <select> tag.
            String c = request.getParameter("color");

            // We're not giving back advice here,
            // just displaying test information.
            out.println("<br>Got beer color " + c);
        }
    }
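
The version-one servlet writes whatever arrives in the `color` parameter straight into an HTML response, and `getParameter()` returns null when the parameter is missing. The following added example (not from the book) shows the same test line built with an allow-list check against the four option values in form.html plus HTML escaping. It is plain Java so it runs without Tomcat; `ColorParam`, `validate`, `escapeHtml` and `renderTestLine` are hypothetical names, and the sample inputs are constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class ColorParam {

    // The only values form.html can legitimately submit.
    static final Set<String> ALLOWED =
        new LinkedHashSet<>(Arrays.asList("light", "amber", "brown", "dark"));

    /** Returns the color if it is one of the form's option values, else null. */
    static String validate(String raw) {
        return (raw != null && ALLOWED.contains(raw)) ? raw : null;
    }

    /** Escapes the characters that are significant in HTML text and attributes. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    /**
     * Builds the line the version-one servlet prints. In a servlet, the
     * rejected branch could instead end the request with
     * response.sendError(HttpServletResponse.SC_BAD_REQUEST).
     */
    static String renderTestLine(String raw) {
        String color = validate(raw);
        if (color == null) {
            String shown = (raw == null) ? "(none)" : escapeHtml(raw);
            return "<br>Unrecognized beer color: " + shown;
        }
        // Escaped even though validated, so the output stays safe
        // if the allow-list is ever widened.
        return "<br>Got beer color " + escapeHtml(color);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a valid value, a missing parameter,
        // markup in the value, and a value with the wrong case.
        String[] samples = { "brown", null, "<b>stout</b>", "Amber" };
        for (String s : samples) {
            System.out.println(renderTestLine(s));
        }
    }
}
```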

Compiling, deploying, and testing the controller servlet

OK, we've built, deployed, and tested our HTML, and we've built and deployed our DD
(well, we put the web.xml into the deployment environment, but technically the DD won't
be deployed until we restart Tomcat). Now it's time to compile the first version of the
servlet, deploy it, and test it via the HTML form. Now we'll restart Tomcat to make sure
that it "sees" the web.xml and servlet class.

Compiling the servlet

Compile the servlet with the -d flag to put the class in the development environment.

    % cd MyProjects/beerV1
    % javac -classpath /Users/bert/Applications2/tomcat/common/lib/servlet-api.jar:classes:. -d classes src/com/example/web/BeerSelect.java

Adjust the classpath to match your own directory path on your system!
Everything after "tomcat/" will be the same.

Use a semicolon (instead of the colon) as the classpath separator
on the Windows OS.

Use the -d option to tell the compiler to put the class file
into the classes directory within the correct package structure.
Your class file will end up in /beerV1/classes/com/example/web/.

Deploying the servlet

To deploy the servlet, make a copy of the class file and move it to the
/Beer-v1/WEB-INF/classes/com/example/web/ directory in the deployment structure.

Testing the servlet

1 - Restart tomcat!

    % cd tomcat
    % bin/startup.sh

2 - Launch your browser and go to:
http://localhost:8080/Beer-v1/form.html

4 - Select a beer color and hit "Submit"

5 - If your servlet is working, you should
see the servlet's response in your browser
as something like:

    Beer Selection Advice
    Got beer color brown

[Screenshot: the browser at http://localhost:8080/Beer-v1/form.html showing the Beer Selection Page.]

Building and testing the model class

In MVC, the model tends to be the "back-end" of the application. It's often the legacy system
that's now being exposed to the web. In most cases it's just plain old Java code, with no
knowledge of the fact that it might be called by servlets. The model shouldn't be tied down to
being used by only a single web app, so it should be in its own utility packages.

The specs for the model

- Its package should be com.example.model

- Its directory structure should be /WEB-INF/classes/com/example/model

- It exposes one method, getBrands(), that takes a preferred beer color (as a
String), and returns an ArrayList of recommended beer brands (also as Strings).

Build the test class for the model

Create the test class for the model (yes, before you build the model itself). You're on
your own here; we don't have one in this tutorial. Remember, the model will still be in the
development environment when you first test it—it's just like any other Java class, and
you can test it without Tomcat.

Build and test the model

Models can be extremely complicated. They often involve connections to legacy
databases, and calls to complex business logic. Here's our sophisticated, rule-
based expert system for the beer advice:

    package com.example.model;
    import java.util.*;

    public class BeerExpert {

        public List getBrands(String color) {
            List brands = new ArrayList();
            // Literal first, so a null color (parameter missing from
            // the request) falls through to the else branch
            if ("amber".equals(color)) {
                brands.add("Jack Amber");
                brands.add("Red Moose");
            }
            else {
                brands.add("Jail Pale Ale");
                brands.add("Gout Stout");
            }
            return(brands);
        }
    }

    % cd beerV1
    % javac -d classes src/com/example/model/BeerExpert.java

Enhancing the servlet to call the model,
so that we can get REAL advice...

In this version two servlet, we'll enhance the doPost() method to
call the model for advice (version three will make the advice come
from a JSP). The code changes are trivial, but the important part is
understanding the redeployment of the enhanced web app. You can
try to write the code, recompile, and deploy on your own, or you
can turn the page and follow along...

Enhance the servlet, version two

Forget about servlets for a minute, let's just think Java. What
are the steps we have to take to accomplish the following?

1 - Enhance the doPost() method to call the model.

2 - Compile the servlet

3 - Deploy and test the updated web app

    public class BeerSelect extends HttpServlet {

Servlet version two code

Remember, the model is just plain old Java, so we call it like we'd call any
other Java method: instantiate the model class and call its method!

    package com.example.web;

    // Import the package that BeerExpert is in
    import com.example.model.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;

    public class BeerSelect extends HttpServlet {

        public void doPost(HttpServletRequest request,
                           HttpServletResponse response)
                           throws IOException, ServletException {

            String c = request.getParameter("color");

            // Instantiate the BeerExpert class and call its method
            BeerExpert be = new BeerExpert();
            List result = be.getBrands(c);

            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.println("Beer Selection Advice<br>");

            // Print each recommended brand returned by the model
            Iterator it = result.iterator();
            while(it.hasNext()) {
                out.print("<br>try: " + it.next());
            }
        }
    }

Key steps for servlet version two

We have two main things to do: recompile the servlet and
deploy the model class.

Compiling the servlet

We'll use the same compiler command that we used
when we built the first version of the servlet.

    % cd beerV1
    % javac -classpath /Users/bert/Applications2/tomcat/common/lib/servlet-api.jar:classes:. -d classes src/com/example/web/BeerSelect.java

Deploying and testing the web app

Now, in addition to the servlet, we also have to deploy the model.
The key steps are:

1 - Move a copy of the servlet class file to:
./Beer-v1/WEB-INF/classes/com/example/web/

This replaces the version one servlet class file!

2 - Move a copy of the model's class file to:
./Beer-v1/WEB-INF/classes/com/example/model/

3 - Shutdown and restart tomcat

    % bin/shutdown.sh
    % bin/startup.sh

4 - Test the app via form.html;
the final browser output should be
something like:

    Beer Selection Advice
    try: Jack Amber
    try: Red Moose

Review the partially completed, MVC
beer advice web application

What's working so far...

1 - The browser sends the
request data to the Container.

2 - The Container finds the
correct servlet based on the
URL, and passes the request to
the servlet.

3 - The servlet calls the
BeerExpert for help.

4 - The servlet outputs the
response (which prints the
advice).

5 - The Container returns the
page to the happy user.

What we WANT...

1 - The browser sends the
request data to the Container.

2 - The Container finds the
correct servlet based on the
URL, and passes the request to
the servlet.

3 - The servlet calls the
BeerExpert for help.

4 - The expert class returns an
answer, which the servlet adds
to the request object.

5 - The servlet forwards the
request to the JSP.

6 - The JSP gets the answer
from the request object.

7 - The JSP generates a page
for the Container.

8 - The Container returns the
page to the happy user.




Create the JSP "view" that gives the advice

Don't get your hopes up. You're going to have to wait for a few
chapters before we really start talking about JSPs. This JSP isn't
actually a particularly good one, either (because of its scriptlet code,
which we'll talk about later in the book). For now it should be pretty
easy to read, and if you want to experiment a little, go for it. Although
we could test this JSP now from the browser, we'll wait until after we
modify the servlet (version three) to see if it works.

Here's the JSP...

    <%@ page import="java.util.*" %>

    <html>
    <body>
    <h1 align="center">Beer Recommendations JSP</h1>
    <p>

    <%
      List styles = (List)request.getAttribute("styles");
      Iterator it = styles.iterator();
      while(it.hasNext()) {
        out.print("<br>try: " + it.next());
      }
    %>

    </body>
    </html>

<%@ page ... %>: This is a "page directive"
(we're thinking it's pretty
obvious what this one does).

<html>, <body>, <h1>: Some standard HTML (which is known
as "template text" in the JSP world).

<% ... %>: Some standard Java sitting
inside <% %> tags (this is
known as scriptlet code).

request.getAttribute("styles"): Here we're getting an attribute
from the request object. A
little later in the book, we'll
explain everything about
attributes and how we managed
to get the request object.

Deploying the JSP

We don't compile the JSP (the Container does that at first request).
But we do have to:

1 - Name it "result.jsp".

2 - Save it in the development environment, in: /web/.

3 - Move a copy of it to the deployment environment in /Beer-v1/.

[Figure: result.jsp sitting next to form.html in the web app directory.]

Enhancing the servlet to "call" the JSP (version three)

In this step we're going to modify the servlet to "call" the JSP to produce the output
(view). The Container provides a mechanism called "request dispatching" that
allows one Container-managed component to call another, and that's what we'll
use: the servlet will get the info from the model, save it in the request object, then
dispatch the request to the JSP.

The important changes we must
make to the servlet:

1 - Add the model component's answer to the request object, so that
the JSP can access it. (Step 4)

2 - Ask the Container to forward the request to "result.jsp". (Step 5)

1 - The browser sends the
request data to the Container.

2 - The Container finds the
correct servlet based on the
URL and passes the request to
the servlet.

3 - The servlet calls the
BeerExpert for help.

4 - The expert class returns an
answer, which the servlet adds
to the request object.

5 - The servlet dispatches to
the JSP.

6 - The JSP gets the answer
from the request object.

7 - The JSP generates a page
for the Container.

8 - The Container returns the
page to the happy user.

Code for servlet version three

Here's how we modified the servlet to add the model
component's answer to the request object (so the JSP
can retrieve it), and how we asked the Container to
dispatch to the JSP.

    package com.example.web;

    import com.example.model.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;

    public class BeerSelect extends HttpServlet {

        public void doPost(HttpServletRequest request,
                           HttpServletResponse response)
                           throws IOException, ServletException {

            String c = request.getParameter("color");
            BeerExpert be = new BeerExpert();
            List result = be.getBrands(c);

            // Now that the JSP is going to produce the output, we should
            // remove the test output from the servlet. We commented it out
            // so that you could still see it here.
            // PrintWriter out = response.getWriter();
            // out.println("Beer Selection Advice<br>");

            // Add an attribute to the request object for the JSP to use.
            // Notice the JSP is looking for "styles".
            request.setAttribute("styles", result);

            // Instantiate a request dispatcher for the JSP.
            RequestDispatcher view =
                request.getRequestDispatcher("result.jsp");

            // Use the request dispatcher to ask the Container to crank up
            // the JSP, sending it the request and response.
            view.forward(request, response);
        }
    }

Compile, deploy and test the final app!

In this chapter we've built an entire (albeit tiny) MVC application
using HTML, servlets, and JSPs. You can add this to your resume.

Compiling the servlet

We'll use the same compiler command that we used earlier:

    % cd beerV1
    % javac -classpath /Users/bert/Applications2/tomcat/common/lib/servlet-api.jar:classes:. -d classes src/com/example/web/BeerSelect.java

Deploying and testing the web app

Now it's time to redeploy the servlet.

1 - Move a copy of the servlet's class file to ../Beer-v1/WEB-INF/classes/com/example/web/
(again, this will replace the previous version two class file).

3 - Shutdown and restart tomcat

    % cd tomcat
    % bin/shutdown.sh
    % bin/startup.sh

4 - Test the app via form.html

[Screenshot: the browser at http://localhost:8080/Beer-v1/form.html.]

"OK, so now he can do an MVC app,
but he still has no clue how to use
the JSP expression language, or JSTL,
or write a custom tag, or use a filter, and I
caught him playing a Weezer CD and it was
AFTER the green album. He still has SO
much to learn."

There is still so much to learn.

The party's over. You had three whole chapters to cruise along, write a little
code, review the whole HTTP request/response thing.

But there's still 200 mock exam questions waiting for you in this book, and
they start with the next chapter. Unless you're already familiar with servlet
development and deployment, you really shouldn't turn the page until after
you actually do the tutorial in this chapter.

Not that we're trying to pressure you or guilt-trip you or anything...
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4 request AND response 


Being a Servlet 



Servlets live to service clients. A servlet's job is to take a client's
request and send back a response. The request might be simple: "get me the
Welcome page." Or it might be complex: "Complete my shopping cart check-out."
The request carries crucial data, and your servlet code has to know how to find
it and how to use it. The response carries the info the browser needs to render
a page (or download bytes), and your servlet code has to know how to send it.
Or not... your servlet can decide to pass the request to something else (another
page, servlet, or JSP) instead.


official Sun exam objectives


OBJECTIVES

The Servlet Technology Model

1.1 For each of the HTTP Methods (such as
GET, POST, HEAD, and so on), describe
the purpose of the method and the technical
characteristics of the HTTP Method protocol,
list triggers that might cause a client (usually a
Web browser) to use the Method, and identify
the HttpServlet method that corresponds to the
HTTP Method.

1.2 Using the HttpServletRequest interface, write
code to retrieve HTML form parameters from
the request, retrieve HTTP request header
information, or retrieve cookies from the
request.

1.3 Using the HttpServletResponse interface, write
code to set an HTTP response header, set
the content type of the response, acquire a
text stream for the response, acquire a binary
stream for the response, redirect an HTTP
request to another URL, or add cookies to the
response.*

1.4 Describe the purpose and event sequence of
the servlet lifecycle: (1) servlet class loading,
(2) servlet instantiation, (3) call the init()
method, (4) call the service() method, and (5)
call the destroy() method.


Coverage Notes:

All of the objectives in this section are covered
completely in this chapter, with the exception
of the cookies part of objective 1.3. A lot
of the content in this chapter was touched on
in chapter two, but in chapter two we said,
"Don't worry about memorizing it."

In this chapter, you DO have to slow down,
really study, and memorize the content. No
other chapter will cover these objectives in
detail, so this is it.

Do the exercises in the chapter, review the
material, then take your first mock exam at the
end of the chapter. If you don't get at least
80% correct, go back through the chapter to
figure out what you missed, BEFORE you
move on to chapter five.

Some of the mock exam questions that belong
with these objectives have been moved into
chapters 5 and 6, because the questions require
additional knowledge of some of the topics we
don't cover until those chapters. That means
there are fewer mock exam questions in this
chapter, and more in later chapters, to avoid
testing you on topics you haven't covered.

Important note: while the first three chapters
covered background information, from this page
forward in the book, virtually everything you're
going to see is directly related to or explicitly
part of the exam.


* We won't say much about the objectives
related to cookies until the Sessions chapter.


Servlets are controlled by the Container 

In chapter two we looked at the Container's overall role in a servlet's life: it
creates the request and response objects, creates or allocates a new
thread for the servlet, and calls the servlet's service() method, passing the
request and response references as arguments. Here's a quick review...

User clicks a link that has a URL
to a servlet.

The Container "sees" that the
request is for a servlet, so the
container creates two objects:

1) HttpServletResponse

2) HttpServletRequest

The Container finds the correct
servlet based on the URL in the
request, creates or allocates
a thread for that request, and
calls the servlet's service()
method, passing the request and
response objects as arguments.


The story continues...

The service() method figures out
which servlet method to call based
on the HTTP Method (GET, POST,
etc.) sent by the client.

The client sent an HTTP GET
request, so the service() method
calls the servlet's doGet() method,
passing the request and response
objects as arguments.

The servlet uses the response
object to write out the response
to the client. The response goes
back through the Container.

The service() method completes,
so the thread either dies or returns
to a Container-managed thread
pool. The request and response
object references fall out of scope,
so these objects are toast (ready
for garbage collection).

The client gets the response.


But there's more to a servlet's life

We stepped into the middle of the servlet's life, but that still leaves
questions: when was the servlet class loaded? When did the servlet's
constructor run? How long does the servlet object live? When should
your servlet initialize resources? When should it clean up its
resources?

The servlet lifecycle is simple; there's only one main state: initialized.
If the servlet isn't initialized, then it's either being initialized (running
its constructor or init() method), being destroyed (running its destroy()
method), or it simply does not exist.

[Diagram: servlet lifecycle timeline across the Web Container, the Servlet
Class, and the Servlet Object, beginning at "does not exist".]


Your servlet inherits the lifecycle methods


Servlet interface
(javax.servlet.Servlet)

    service(ServletRequest, ServletResponse)
    init(ServletConfig)
    destroy()
    getServletConfig()
    getServletInfo()

All servlets have these methods (the first three, shown in bold in the
original diagram, are lifecycle methods).


GenericServlet class
(javax.servlet.GenericServlet)

    service(ServletRequest, ServletResponse)
    init(ServletConfig)
    init()
    destroy()
    getServletConfig()
    getServletInfo()
    getInitParameter(String)
    getInitParameterNames()
    getServletContext()
    log(String)
    log(String, Throwable)

GenericServlet is an abstract class. You will probably NEVER extend this
class yourself.


HttpServlet class
(javax.servlet.http.HttpServlet)

    service(HttpServletRequest, HttpServletResponse)
    service(ServletRequest, ServletResponse)
    doGet(HttpServletRequest, HttpServletResponse)
    doPost(HttpServletRequest, HttpServletResponse)
    doHead(HttpServletRequest, HttpServletResponse)
    doOptions(HttpServletRequest, HttpServletResponse)
    doPut(HttpServletRequest, HttpServletResponse)
    doTrace(HttpServletRequest, HttpServletResponse)
    doDelete(HttpServletRequest, HttpServletResponse)
    getLastModified(HttpServletRequest)


MyServlet class
(com.wickedlysmart.foo)

    doPost(HttpServletRequest, HttpServletResponse)
    myBizMethod()

Most of your servletness is handled by superclass methods.
All you do is override the HTTP methods you need.


The Three Big Lifecycle Moments


init()

When it's called

The Container calls init() on
the servlet instance after the
servlet instance is created but
before the servlet can service
any client requests.

What it's for

Gives you a chance to
initialize your servlet before
handling any client requests.

Do you override it?

Possibly.

If you have initialization code
(like getting a database connection
or registering yourself
with other objects), then you'll
override the init() method in
your servlet class.


service()

When it's called

When the first client request
comes in, the Container starts
a new thread or allocates a
thread from the pool, and
causes the servlet's service()
method to be invoked.

What it's for

This method looks at the
request, determines the HTTP
method (GET, POST, etc.)
and invokes the matching
doGet(), doPost(), etc. on the
servlet.

Do you override it?

No. Very unlikely.

You should NOT override the
service() method. Your job is
to override the doGet() and/or
doPost() methods and let the
service() implementation from
HttpServlet worry about
calling the right one.


doGet() and/or doPost()

(We're including only doGet()
and doPost() here, because
those two are probably the only
ones you'll ever use.)

When it's called

The service() method invokes
doGet() or doPost() based on
the HTTP method (GET, POST,
etc.) from the request.

What it's for

This is where your code
begins! This is the method
that's responsible for whatever
the heck your web app is supposed
to be DOING.

You can call other methods on
other objects, of course, but it
all starts from here.

Do you override it?

ALWAYS at least ONE of
them! (doGet() or doPost())

Whichever one(s) you
override tells the Container
what you support. If you
don't override doPost(), for
example, then you're telling
the Container that this servlet
does not support HTTP POST
requests.


I think I got this... so the Container
calls my servlet's init() method, but if I don't
override init(), the one from GenericServlet runs.
Then when a request comes in, the Container starts
or allocates a thread and calls the service() method,
which I don't override, so the service() method from
HttpServlet runs. The HttpServlet service()
method then calls my overridden doGet() or
doPost(). So each time my doGet() or doPost()
runs, it's in a separate thread.


The service() method is always
called in its own stack...


Servlet initialization (Thread A)

The Container calls init()
on the servlet instance
after the servlet instance is
created but before the servlet
can service any client
requests.

If you have initialization
code (like getting a database
connection or registering
yourself with other objects),
then you'll override the
init() method in your
servlet class. Otherwise,
the init() method from
GenericServlet runs.


Client request 1 (Thread B)

When the first client
request comes in, the
Container starts (or finds)
a thread and causes the
servlet's service() method to
be invoked.

You normally will NOT
override the service()
method, so the one from
HttpServlet will run. The
service() method figures
out which HTTP method
(GET, POST, etc.) is in
the request, and invokes
the matching doGet() or
doPost() method. The
doGet() and doPost()
inside HttpServlet don't do
anything, so you have to
override one or both. This
thread dies (or is put back
in a Container-managed
pool) when service()
completes.


Client request 2 (Thread C)

When the second (and all
other) client requests come
in, the Container again
creates or finds another
thread and causes the
servlet's service() method to
be invoked.

So, the service() --> doGet()
method sequence happens
each time there's a client
request. At any given
time, you'll have at least
as many runnable threads
as there are client requests,
limited by the resources
or policies/configuration
of the Container. (You
might, for example, have
a Container that lets you
specify the maximum
number of simultaneous
threads, and when the
number of client requests
exceeds that, some clients
will just have to wait.)


Each request runs in a separate thread!

You might hear people say things like, "Each instance of the servlet..." but that's just
wrong. There aren't multiple instances of any servlet class, except in one special case
(called SingleThreadModel, which is inherently evil), but we're not talking about that
special case yet.

The Container runs multiple threads to process multiple requests to a
single servlet.

And every client request generates a new pair of request and response objects.

Q: This is confusing... in the
picture above you show two different
clients, each with its own thread.
What happens if the same client
makes multiple requests? Is it one
thread per client or one thread per
request?

A: One thread per request. The
Container doesn't care who makes
the request—every incoming request
means a new thread/stack.

Q: What if the Container uses
clustering, and distributes the app
on more than one JVM?

A: Imagine the picture above is
for a single JVM, and each JVM has the
same picture. So for a distributed web
app, there would be one instance of
a particular servlet per JVM, but each
JVM would still have only a single
instance of that servlet.

Q: I noticed that HttpServlet
is in a different package from
GenericServlet... how many servlet
packages are there?

A: Everything related to servlets
(but excluding JSP stuff) is in either
javax.servlet or javax.servlet.http.

And it's easy to tell the difference...
things that have to do with HTTP are
in the javax.servlet.http package, and
the rest (generic servlet classes and
interfaces) are in javax.servlet. We'll
see JSP-related chapters later in the
book.


In the beginning: loading and initializing 

The servlet starts life when the Container finds the servlet class file.
This virtually always happens when the Container starts up (for
example, when you run Tomcat). When the Container starts, it looks
for deployed web apps and then starts searching for servlet class files.
(In the Deployment chapter, we'll go into more details of how, why,
and where the Container looks for servlets.)

Finding the class is the first step.

Loading the class is the second step, and it happens either on Container
startup or first client use. Your Container might give you a choice about
class loading, or it might load the class whenever it wants. Regardless
of whether your Container gets the servlet ready early or does it
just-in-time when the first client needs it, a servlet's service() method
will not run until the servlet is fully initialized.


Your servlet is always
loaded and initialized
BEFORE it can service
its first client request.


init() always completes before the first call to service()


FLEX YOUR MIND

Why is there an init() method? In other
words, why isn't the constructor enough for
initializing a servlet?

What kind of code would you put in the init()
method?

Hint: the init() method takes an object
reference argument. What do you think the
argument to the init() method might be, and
how (or why) would you use it?


Servlet Initialization:
when an object becomes a servlet


The proudest moment of my life is
when the Grand Master Container makes
me a servlet, by making a ServletConfig for me, and
calling my init(). Before that, I'm just an ordinary object.
But as a servlet, I have special privileges (besides the
secret handshake), like the ability to log events,
get references to other resources, and store
attributes for other servlets...


A servlet moves from does not exist to initialized (which
really means ready to service client requests), beginning with a
constructor. But the constructor makes only an object, not
a servlet. To be a servlet, the object needs to be granted
servletness.

When an object becomes a servlet, it gets all the unique
privileges that come with being a servlet, like the ability to
use its ServletContext reference to get information from the
Container.

Why do we care about initialization details?

Because somewhere between the constructor and the init()
method, the servlet is in a Schroedinger's* servlet state. You
might have servlet initialization code, like getting web app
configuration info, or looking up a reference to another part
of the application, that will fail if you run it too early in the
servlet's life. It's pretty simple though, if you remember to put
nothing in the servlet's constructor!

There's nothing that can't wait until init().


* If your quantum mechanics is a little rusty—you might want to do a Google search
on "Schroedinger's Cat." (Warning: pet lovers, just don't go there.) When we refer
to a Schroedinger state, we mean something that is neither fully dead or fully alive,
but in some really weird place in between.


What does ‘being a servlet’ buy you? 


What happens when a 
servlet goes from this: 




Watch it!

Don't confuse
ServletConfig
parameters with
ServletContext
parameters!

We don't really talk about these until
the next chapter, but so many people
get them confused that we want to
plant the seed early: pay attention to
the differences.

Start by looking at the names:

ServletConfig has the word "config" in
it for "configuration." It's about deploy-time
values you've configured for the
servlet (one per servlet). Things your
servlet might want to access that you
don't want to hard-code, like maybe a
database name.

ServletConfig parameters won't
change for as long as this servlet is
deployed and running. To change
them, you'll have to redeploy the
servlet.

ServletContext should have been
named AppContext (but they didn't
listen to us), because there's only one
per web app, NOT one per servlet.

Anyway, we'll get into all this in the
next chapter—this is just a heads-up.


A ServletConfig object

■ One ServletConfig object per servlet.

■ Use it to pass deploy-time information to the servlet (a
database or enterprise bean lookup name, for example)
that you don't want to hard-code into the servlet (servlet
init parameters).

■ Use it to access the ServletContext.

■ Parameters are configured in the Deployment Descriptor.


A ServletContext

■ One ServletContext per web app. (They should have named it
AppContext.)

■ Use it to access web app parameters (also configured in the
Deployment Descriptor).

■ Use it as a kind of application bulletin-board, where you can
put up messages (called attributes) that other parts of the
application can access (way more on this in the next chapter).

■ Use it to get server info, including the name and version of the
Container, and the version of the API that's supported.


But a Servlet's REAL job is to handle requests.
That's when a servlet's life has meaning.

In the next chapter we'll look at ServletConfig and ServletContext, but for
now, we're digging into details of the request and response. Because the
ServletConfig and ServletContext exist only to support your servlet's One
True Job: to handle client requests! So before we look at how your context
and config objects can help you do your job, we have to back up a little and
look at the fundamentals of the request and response.

You already know that you're handed a request and response as arguments
to the doGet() or doPost() method, but what powers do those request and
response objects give you? What can you do with them and why do you care?


Sharpen your pencil

Label the missing pieces (the
empty boxes) of this lifecycle
timeline. (Check your answers with
the timeline shown earlier in this
chapter.)

Add your own annotations as well
to help you remember the details.

[Diagram: blank lifecycle timeline with Web Container, Servlet Class, and
Servlet Object columns.]


Request and Response: the key to everything,
and the arguments to service()*


ServletRequest interface
(javax.servlet.ServletRequest)

    getAttribute(String): Object
    getContentLength(): int
    getInputStream(): ServletInputStream
    getLocalPort(): int
    getParameter(String): String
    getParameterNames(): Enumeration
    // MANY more methods...


HttpServletRequest interface
(javax.servlet.http.HttpServletRequest)

    getContextPath(): String
    getCookies(): Cookie[]
    getHeader(String): String
    getQueryString(): String
    getSession(): HttpSession
    getMethod(): String
    // MANY more methods...

The HttpServletRequest methods are about HTTP things like cookies,
headers, and sessions.


ServletResponse interface
(javax.servlet.ServletResponse)

    getBufferSize(): int
    setContentType(String): void
    setContentLength(int): void
    getOutputStream(): ServletOutputStream
    getWriter(): PrintWriter
    // MANY more methods...


HttpServletResponse interface
(javax.servlet.http.HttpServletResponse)

    addCookie(Cookie): void
    addHeader(String name, String value): void
    encodeRedirectURL(String url): String
    sendError(int): void
    setStatus(int): void
    // MANY more methods...


*The request and response objects are also arguments to the other
HttpServlet methods that you write—doGet(), doPost(), etc.




Q: Who implements the interfaces for HttpServletRequest
and HttpServletResponse? Are those classes in the API?

A: The Container, and No. The classes aren't in the API because
they're left to the vendor to implement. The good news is, you
don't have to worry about it. Just trust that when the service()
method is called in your servlet, it'll be handed references to
two perfectly good objects that implement HttpServletRequest
and HttpServletResponse. You should never care about the
actual implementation class name or type. All you care about
is that you'll get something that has all the functionality from
HttpServletRequest and HttpServletResponse.

In other words, all you need to know are the methods you can call
on the objects the Container gives you as part of the request!

The actual class in which they're implemented doesn't matter to
you—you're referring to the request and response objects only by
the interface type.

Q: Am I reading this UML correctly? Are those interfaces
extending interfaces?

A: Yes. Remember, interfaces can have their own inheritance
tree. When one interface extends another interface (which is all
they can do - interfaces can't implement interfaces), it means
that whoever implements an interface must implement all the
methods defined in both the interface and its superinterfaces. This
means, for example, that whoever implements HttpServletRequest
must provide implementation methods for the methods declared
in the HttpServletRequest interface and the methods in the
ServletRequest interface.

Q: I'm still confused about why there's a GenericServlet
and ServletRequest and ServletResponse. If nobody's doing
anything except HTTP servlets... then what's the point?

A: We didn't say nobody. Somebody, somewhere, one could
imagine, is using the servlet technology model without the HTTP
protocol. Just nobody we've met personally or read about. Ever.

Still, the flexibility was designed into the servlet model for those
who might want to use servlets with, say, SMTP or perhaps a
proprietary custom protocol. The only support built-in to the API,
though, is for HTTP, and that's what virtually everyone's using.


The exam doesn't
expect you to know
how to develop with
non-HTTP servlets.

You're not expected to know anything
about how you might use servlets with
a protocol other than HTTP. You are,
however, still supposed to know how
the class hierarchy works. So you DO
have to know that HttpServletRequest
and HttpServletResponse extend from
ServletRequest and ServletResponse,
and that most of an HttpServlet's
implementation actually comes from
GenericServlet.

But that's it. The exam assumes you're
an HttpServlet developer.


The HTTP request Method determines
whether doGet() or doPost() runs

The client's request, remember, always includes a specific
HTTP Method. If the HTTP Method is a GET, the service()
method calls doGet(). If the HTTP request Method is a
POST, the service() method calls doPost().


You keep showing
doGet() and doPost()
like they're the only ones...
but I KNOW there are
methods in HTTP


You probably won't care
about any HTTP Methods
except GET and POST

Yes, there are other HTTP 1.1 Methods
besides GET and POST. There's also
HEAD, TRACE, OPTIONS, PUT,
DELETE, and CONNECT.

All but one of the eight has a matching
doXXX() method in the HttpServlet
class, so besides doGet() and doPost(),
you've got doOptions(), doHead(),
doTrace(), doPut(), and doDelete().
There's no mechanism in the servlet API
for handling doConnect(), so it's not part
of HttpServlet.

But while the other HTTP Methods might
matter to, say, a web server developer, a
servlet developer rarely uses anything but
GET and POST.

For most (or probably all) servlet
development, you'll use either doGet()
(for simple requests) or doPost() (to
accept and process form data), and you
won't have to think about the others.


So if they're not
important to me... of
COURSE that means
they'll be on the
exam.


Actually, one or more of the other
HTTP Methods might make a (brief)
appearance on the exam...

If you're preparing for the exam, you should be able to
recognize all of them from a list, and have at least the briefest
idea of what they're used for. But don't spend much time here!

In the real servlet world, you care about GET and POST.

In the exam world, you care just a tiny bit about the other
HTTP Methods as well.


GET      Asks to get the thing (resource / file) at the requested URL.

POST     Asks the server to accept the body info attached to the request, and
         give it to the thing at the requested URL. It's like a fat GET... a GET
         with extra info sent with the request.

HEAD     Asks for only the header part of whatever a GET would return. So it's
         just like GET, but with no body in the response. Gives you info about
         the requested URL without actually getting back the real thing.

TRACE    Asks for a loopback of the request message, so that the client can see
         what's being received on the other end, for testing or troubleshooting.

PUT      Says to put the enclosed info (the body) at the requested URL.

DELETE   Says to delete the thing (resource / file) at the requested URL.

OPTIONS  Asks for a list of the HTTP methods to which the thing at the
         requested URL can respond.

CONNECT  Says to connect for the purposes of tunneling.


Example of a response to an HTTP OPTIONS request:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Date: Thu, 20 Apr 2004 16:50:00 GMT
Allow: OPTIONS, TRACE, GET, HEAD, POST
Content-Length: 0


The difference between GET and POST

POST has a body. That's the key. Both GET and POST can
send parameters, but with GET, the parameter data is limited
to what you can stuff into the Request line.


An HTTP GET request

The Request line (it starts with the HTTP method):

GET /select/selectBeerTaste.jsp?color=dark&taste=malty HTTP/1.1

The Request headers:

Host: www.wickedlysmart.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive


An HTTP POST request

The Request line (it starts with the HTTP method):

POST /advisor/selectBeerTaste.do HTTP/1.1

The Request headers:

Host: www.wickedlysmart.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

The body (the parameters are down here):

color=dark&taste=malty


Sounds like the
difference between GET
and POST is the size of
the parameter data you
can send?


No, it's not just about the size

We talked about other issues with GET in chapter one, remember?

When you use GET, the parameter data shows up in the browser's
input bar, right after the actual URL (and separated with a "?").
Imagine a scenario in which you would not want the parameters to
be visible.

So, security might be another issue.

Still another issue is whether you need or want end-users to
be able to bookmark the request page. GET requests can be
bookmarked; POST requests cannot. That might be really
important if you have, say, a page that lets users specify search
criteria. The users might want to come back a week later and try
the same search again now that there's new data on the server.

But besides size, security, and bookmarking, there's another crucial
difference between GET and POST: the way they're supposed
to be used. GET is meant to be used for getting things. Period.
Simple retrieval. Sure, you might use the parameters to help figure
out what to send back, but the point is, you're not making any
changes on the server! POST is meant to be used for sending data
to be processed. This could be as simple as query parameters used
to figure out what to send back, just as with a GET, but when you
think of POST, think: update. Think: use the data from the POST
body to change something on the server.

And that brings up another issue... whether the request is
idempotent. If it's not, you could get into the kind of trouble a little
blue pill can't fix. If you're not familiar with the way the term
"idempotent" is used in the web world, keep reading...


The story of the non-idempotent request 

Diane has a need. She’s li ving desperately in purchase Head First Kniliing 
tmiii iIn- Wickedh Sinurl nnline book simp winch, unbeknown*! i<> Diane, is still 
in beta, Diane's low on money 'lie lias jusl enough in her clrhil account lo cover 
one Ixmk. She considered buying directly from Amazon nr the < FRcilly.com site, 
but decided she wanted an autographed copy, available only from the Wickedly 
■Smart site. A choice she would later come to regret... 


Diane hits the CHECKOUT button. (She submitted her bank account info
earlier.)

Browser sends an HTTP request to the server with the book purchase info and

The Container sends the request to the Checkout servlet for processing.

Servlet updates the database (takes the book out of inventory, creates a
new shipping order, etc.).

Servlet does NOT send an obvious response, so Diane still sees the same
shopping cart page and thinks... "Maybe I didn't click it right. I better
hit the CHECKOUT button again."

Browser sends an HTTP request to the server with the book purchase info and
Diane's customer ID number.

(Diagram labels: Wickedly Smart's Web Server/Container; Remote bank
account server.)
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request response 


Our story continues... 


The Container sends the request to the Checkout servlet for processing.

The servlet does not have a problem with Diane buying the same book she
bought before. ("I guess she really likes this knitting book a lot, she's
buying it twice. Cool.")

Servlet electronically debits Diane's bank account for the second time.

Diane's bank accepts the debit, but charges her a hefty overdraft fee.
("We'll let her buy this book, but we'll charge her an extra $25.00 for
being overdrawn. Bad, bad Diane!")

Eventually Diane navigates to the Check Order Status page and sees that she
has TWO orders for the knitting book... "This is not right. I meant to buy
only ONE book. What stupid web app developer made THIS? It should have
recognized a duplicate transaction..."

"Hello bank? This wickedly stupid programmer made a mistake..."

(Diagram labels: Wickedly Smart's Web Server/Container; Remote bank
account server.)
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HTTP methods 



Which of the HTTP methods do you think are (or
should be) idempotent? (Based on your previous
understanding of the word and/or the Diane double-purchase
story you just read.) Answers are at the
bottom of this page.

□ GET

□ POST

□ PUT

□ HEAD

(We left off CONNECT deliberately, since it's not part of
HttpServlet.)


FLEX YOUR MIND

What went wrong with Diane's transaction?

(And it's not just ONE thing... there are probably
several problems the developer must fix.)

What are some of the ways in which a developer
could reduce the risk of this?

(Hint: they might not all be programmatic
solutions.)


Answers: The HTTP 1.1 spec declares GET, HEAD, and PUT as idempotent,
even though you CAN write a non-idempotent doGet() method
yourself (but shouldn't). POST is not considered idempotent by
the HTTP 1.1 spec.
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request response 



Being idempotent is GOOD. It means 
you can do the same thing over and over 
again, with no unwanted side effects! 


Idempotent (Client, Servlet):
Servlet sends back a response with a generated HTML page.

NOT Idempotent (Client, Servlet):
Servlet uses the POST data to update the database.
Servlet sends back a response with a generated HTML page.
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idempotent reqitests 


POST is not idempotent 

An HTTP GET is just for getting things, and it's not
supposed to change anything on the server. So a GET
is, by definition (and according to the HTTP spec)
idempotent. It can be executed more than once
without any bad side effects.

POST is not idempotent: the data submitted in the
body of a POST might be destined for a transaction
that can't be reversed. So you have to be careful with
your doPost() functionality!


GET is idempotent. POST is not.

It's up to you to make sure that your web
app logic can handle scenarios like Diane's,
where the POST comes in more than once.


GET is always considered idempotent in HTTP 1.1...

...even if you see code on
the exam that uses the GET
parameters in a way that causes
side-effects! In other words, GET
is idempotent according to the
HTTP spec. But there's nothing
to stop you from implementing a
non-idempotent doGet() method
in your servlet. The client's
GET request is supposed to be
idempotent, even if what YOU do
with the data causes side-effects.
Always keep in mind the difference
between the HTTP GET method
and your servlet's doGet() method.


Note: there are several different uses of the word
"idempotent"; we're using it in the HTTP/servlet way
to mean that the same request can be made twice with
no negative consequences on the server. We do *not*
use "idempotent" to mean that the same request always
returns the same response, and we do NOT mean that a
request has NO side effects.
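
One way to make a checkout POST safe to receive twice, shown as an added example that is not code from the book: doGet() puts a one-time token in the form, and doPost() places the order only for the first request that presents it. The class name, the "orderToken" parameter, the "Checkout.do" mapping and the placeOrder() helper are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class, parameter and helper names are hypothetical.
public class CheckoutServlet extends HttpServlet {

    private static final SecureRandom RANDOM = new SecureRandom();

    // token -> id of the session it was issued to. One servlet instance serves
    // every request thread, so the map must be safe for concurrent use.
    // A production version would also expire tokens that are never submitted.
    private final ConcurrentMap<String, String> issued = new ConcurrentHashMap<>();

    // GET only renders the form. Repeating the GET does no harm: each page
    // simply gets its own token and nothing is bought.
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(token, request.getSession().getId());

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<form method=\"POST\" action=\"Checkout.do\">");
        out.println("<input type=\"hidden\" name=\"orderToken\" value=\"" + token + "\">");
        out.println("<input type=\"SUBMIT\" value=\"CHECKOUT\">");
        out.println("</form>");
    }

    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String token = request.getParameter("orderToken");
        HttpSession session = request.getSession(false);

        // remove(key, value) is atomic: of two identical POSTs racing each
        // other, exactly one sees true. A token issued to a different
        // session never matches.
        boolean firstSubmission = token != null && session != null
                && issued.remove(token, session.getId());

        response.setContentType("text/html");
        if (!firstSubmission) {
            // Always answer visibly, so the user is not left guessing
            // whether the click worked.
            response.setStatus(HttpServletResponse.SC_CONFLICT);
            response.getWriter().println(
                    "This order was already submitted (or the form expired). "
                    + "See the Check Order Status page before trying again.");
            return;
        }

        placeOrder();
        response.getWriter().println("Order placed. You will be charged once.");
    }

    // Hypothetical stand-in for the inventory, shipping and bank-debit work.
    private void placeOrder() {
        log("order placed");
    }
}
```

Because the token is tied to the session that received the form, a POST that arrives without a matching token is refused as well, not only a repeated one.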
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What determines whether the 
browser sends a GET or POST request? 


GET

A link:

    <A HREF="http://www.wickedlysmart.com/index.html/">click here</A>


POST

If you explicitly SAY method="POST", then, surprisingly, it's a POST:

    <form method="POST" action="SelectBeer.do">
      Select beer characteristics<p>
      <select name="color" size="1">
        <option>light
        <option>amber
        <option>brown
        <option>dark
      </select>
      <center>
        <input type="SUBMIT">
      </center>
    </form>


What happens if you do NOT say method="POST" in your <form>?

    <form action="SelectBeer.do">
      Select beer characteristics<p>
      <select name="color" size="1">
        <option>light
        <option>amber
        <option>brown
        <option>dark
      </select>
      <center>
        <input type="SUBMIT">
      </center>
    </form>
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forms and HTTP 


POST is NOT the default! 

If you don't put method="POST" into your form, the default
is an HTTP GET request. That means the browser sends the
parameters in the request header, but that's the least of your
problems. Because if the request comes in as a GET, that means
you'll run into big trouble at runtime if you have only a doPost()
and not a doGet() in your servlet!


If you do this (no method="POST" in the HTML form):

    <form action="SelectBeer.do">


And then this (no doGet() method in the servlet):

    public class BeerSelect extends HttpServlet {

        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {
            // code here
        }
    }


You'll get this:

FAILURE! If your HTML form uses GET instead of
POST, then you MUST have doGet() in your servlet
class. The default method for forms is GET.


Q: What if I want to support both
GET and POST from a single servlet?

A: Developers who want to
support both methods usually put
logic in doGet(), then have the
doPost() method delegate to the
doGet() method if necessary.

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // hand the POST to the same logic that serves GET
        doGet(request, response);
    }
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request response 


Sending and using a single parameter 


HTML form

    <form method="POST" action="SelectBeer.do">
      Select beer characteristics<p>
      <select name="color" size="1">
        <option>light
        <option>amber
        <option>brown
        <option>dark
      </select>
      <center>
        <input type="SUBMIT">
      </center>
    </form>


HTTP POST request

    POST /advisor/SelectBeer.do HTTP/1.1
    Host: www.wickedlysmart.com
    User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Connection: keep-alive


Servlet class

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String colorParam = request.getParameter("color");
        // more enlightening code here...
    }

(In this example, the String colorParam has a value of "dark".)
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form parameters 


Sending and using TWO parameters 


HTML form

    <form method="POST" action="SelectBeerTaste.do">
      Select beer characteristics<p>
      COLOR:
      <select name="color" size="1">
        <option>light
        <option>amber
        <option>brown
        <option>dark
      </select>
      BODY:
      <select name="body" size="1">
        <option>light
        <option>medium
        <option>heavy
      </select>
      <center>
        <input type="SUBMIT">
      </center>
    </form>


HTTP POST request

    POST /advisor/SelectBeerTaste.do HTTP/1.1
    Host: www.wickedlysmart.com
    User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive

    color=dark&body=heavy


Servlet class

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String colorParam = request.getParameter("color");
        String bodyParam = request.getParameter("body");
        // more code here
    }

Now the String variable colorParam has a value of "dark" and bodyParam
has a value of "heavy".
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request response 


You can have multiple values for a single parameter.

Some form input types, like a set of check boxes, can have more than one
value. That means a single parameter ("sizes", for example) will have
multiple values.

    <form method=POST action="SelectBeer.do">
      Select beer characteristics<p>
      Can Sizes: <p>
      <input type=checkbox name=sizes value="12oz"> 12 oz.<br>
      <input type=checkbox name=sizes value="16oz"> 16 oz.<br>
      <input type=checkbox name=sizes value="22oz"> 22 oz.<br>
      <br><br>
      <center>
        <input type="SUBMIT">
      </center>
    </form>

In your code, you'll use the getParameterValues() method that returns an
array:

    String one = request.getParameterValues("sizes")[0];

    String[] sizes = request.getParameterValues("sizes");

If you want to see everything in the array, just for fun or testing, you
can use:

    // getParameterValues() returns null when no box was checked
    String[] sizes = request.getParameterValues("sizes");
    for (int x = 0; x < sizes.length; x++) {
        out.println("<br>sizes: " + sizes[x]);
    }

(Assume that "out" is a PrintWriter you got from the response.)
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the HrtpServletRequest object 


Besides parameters, what else
can I get from a Request object?

The ServletRequest and HttpServletRequest interfaces have a ton
of methods you can call, but you don't need to memorize them all.

On your own, you really should look at the full API for
javax.servlet.ServletRequest and javax.servlet.http.HttpServletRequest,
but here we'll look at only the methods you're most likely to use in
your work (and which might also show up on the exam).

In the real world, you'll be lucky (or unlucky, depending on your
perspective) to use more than 15% of the request API. Don't worry if
you aren't clear about how or why you'd use each of these; we'll see
more details on some of them (especially cookies) later in the book.


The client's platform and browser info

    String client = request.getHeader("User-Agent");


The cookies associated with this request

    Cookie[] cookies = request.getCookies();


The session associated with this client

    HttpSession session = request.getSession();


The HTTP Method of the request

    String theMethod = request.getMethod();


An input stream from the request

    InputStream input = request.getInputStream();


ServletRequest interface
(javax.servlet.ServletRequest)

    «interface» ServletRequest
    getAttribute(String)
    getContentLength()
    getInputStream()
    getLocalPort()
    getRemotePort()
    getServerPort()
    getParameter(String)
    getParameterValues(String)
    getParameterNames()
    // MANY more methods

HttpServletRequest interface
(javax.servlet.http.HttpServletRequest)

    «interface» HttpServletRequest
    getContextPath()
    getCookies()
    getHeader(String)
    getIntHeader(String)
    getMethod()
    getQueryString()
    getSession()
    // MANY more methods






Q: Why would I ever want to get an InputStream from the request?

A: With a GET request there's nothing but the request header info. In other words,
there's no body to care about. BUT... with an HTTP POST, there's body info. Most of the
time, all you care about from the body is sucking out the parameter values (for example,
"color=dark") using request.getParameter(), but those values might be large. It is also
possible to create a servlet that processes a computer-driven request in which the body
of the request holds textual or binary content to be processed. In this case you can use
the getReader() or getInputStream() methods. These streams will only contain the body of
the HTTP request and not the headers.

Q: What's the difference between getHeader() and getIntHeader()? Far as I can
tell, headers are always Strings! Even the getIntHeader() method takes a String
representing the name of the header, so what's the int about?

A: Headers have both a name (like "User-Agent" or "Host") and a value (like
"Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624
Netscape/7.1" or "www.wickedlysmart.com"). The values that come back from
headers are always in a String form, but for a few headers, the String represents a
number. The "Content-Length" header returns the number of bytes that make up the
message-body. The "Max-Forwards" HTTP header, for example, returns an integer
indicating how many router hops the request is allowed to make. (You might want to
use this header if you're trying to trace a request that you think is getting stuck in a
loop somewhere.)

You could get the value of the "Max-Forwards" header by using getHeader():

    String forwards = request.getHeader("Max-Forwards");
    int forwardsNum = Integer.parseInt(forwards);

And that works fine. But if you know the value of the header is supposed to represent
an int, you can use getIntHeader() as a convenience method to save the extra step of
parsing the String to an int:

    int forwardsNum = request.getIntHeader("Max-Forwards");


Q: getServerPort(), getLocalPort(), and getRemotePort() are confusing!

A: The getServerPort() should be obvious ... until you ... one first:
getRemotePort(). First ...

The difference between getLocalPort() and getServerPort() is more subtle.
getServerPort() says, "To which port was the request originally SENT?" ...
a single port (where the server IS listening), the server turns ... finds a
different local port for each thread so that the app can handle multiple
clients at the same time.
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lifecycle review 


Review: servlet lifecycle and API 


■ The Container initializes a servlet by loading the class,
invoking the servlet's no-arg constructor, and calling the
servlet's init() method.

■ The init() method (which the developer can override) is
called only once in a servlet's life, and always before the
servlet can service any client requests.

■ The init() method gives the servlet access to the
ServletConfig and ServletContext objects, which the servlet
needs to get information about the servlet configuration
and the web app.

■ The Container ends a servlet's life by calling its destroy()
method.

■ Most of a servlet's life is spent running a service() method
for a client request.

■ Every request to a servlet runs in a separate thread.
There is only one instance of any particular servlet class.

■ Your servlet will almost always extend javax.servlet.http.HttpServlet,
from which it inherits an implementation of
the service() method that takes an HttpServletRequest
and an HttpServletResponse.

■ HttpServlet extends javax.servlet.GenericServlet, an
abstract class that implements most of the basic servlet
methods.

■ GenericServlet implements the Servlet interface.

■ Servlet classes (except those related to JSPs) are in one
of two packages: javax.servlet or javax.servlet.http.

■ You can override the init() method, and you must override
at least one service method (doGet(), doPost(), etc.).


    «interface» javax.servlet.Servlet
    service(ServletRequest, ServletResponse)
    init(ServletConfig)
    destroy()
    getServletConfig()
    getServletInfo()
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request md response 


Review: HTTP and HttpServletRequest 


■ The HttpServlet's doGet() and doPost() methods take an
HttpServletRequest and an HttpServletResponse.

■ The service() method determines whether doGet() or
doPost() runs based on the HTTP Method (GET, POST,
etc.) of the HTTP request.

■ POST requests have a body; GET requests do not,
although GET requests can have request parameters
appended to the request URL (sometimes called "the
query string").

■ GET requests are inherently (according to the HTTP
spec) idempotent. They should be able to run multiple
times without causing any side effects on the server. GET
requests shouldn't change anything on the server. But
you could write a bad, non-idempotent doGet() method.

■ POST is inherently not idempotent, so it's up to you to
design and code your app in such a way that if the client
sends a request twice by mistake, you can handle it.

■ If an HTML form does not explicitly say method="POST",
the request is sent as a GET, not a POST. If you do not
have a doGet() in your servlet, the request will fail.

■ You can get parameters from the request with the
getParameter("paramname") method. The return value is
always a String.

■ If you have multiple parameter values for a given parameter
name, use the getParameterValues("paramname")
method that returns a String array.

■ You can get other things from the request object including
headers, cookies, a session, the query string, and an
input stream.


ServletRequest interface
(javax.servlet.ServletRequest)

    «interface» ServletRequest
    getAttribute(String)
    getContentLength()
    getInputStream()
    getLocalPort()
    getRemotePort()
    getServerPort()
    getParameter(String)
    getParameterValues(String)
    getParameterNames()
    // MANY more methods

HttpServletRequest interface
(javax.servlet.http.HttpServletRequest)

    «interface» HttpServletRequest
    getContextPath()
    getCookies()
    getHeader(String)
    getIntHeader(String)
    getMethod()
    getQueryString()
    getSession()
    // MANY more methods
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the HttpServletResponse object 


So that's the Request... 
now let's see the Response 

The response is what goes back to the client. The
thing the browser gets, parses, and renders for the
user. Typically, you use the response object to get
an output stream (usually a Writer) and you use that
stream to write the HTML (or some other type of
content) that goes back to the client. The response
object has other methods besides just the I/O
output, though, and we'll look at some of them in a
bit more detail.


ServletResponse interface
(javax.servlet.ServletResponse)

    «interface» ServletResponse
    getBufferSize()
    setContentType()
    getOutputStream()
    getWriter()
    setContentLength()
    // MANY more methods

HttpServletResponse interface
(javax.servlet.http.HttpServletResponse)

    «interface» HttpServletResponse
    addCookie()
    addHeader()
    encodeURL()
    sendError()
    setStatus()
    sendRedirect()
    // MANY more methods


Most of the time, you use the
Response just to send data
back to the client.

You call two methods on the
response: setContentType()
and getWriter().

After that, you're simply
doing I/O to write HTML (or
something else) to the stream.

But you can also use the
response to set other headers,
send errors, and add cookies.
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request m< response 


"Wait a minute... I
thought we weren't going
to send HTML from a servlet
because it's so ugly to format
it for the output stream..."


Using the response for I/O

OK, yes, we should be using JSPs rather than
sending HTML back in the response output
stream from a servlet. Formatting HTML to
stick in an output stream's println() method
hurts.

But that doesn't mean you'll never have to
work with an output stream from your servlet.

Why?

1) Your hosting provider might not support
JSPs. There are plenty of older servers and
containers out there that support servlets but
not JSPs, so you're stuck with it.

2) You don't have the option of using JSPs for
some other reason, like, you have an incredibly
stupid manager who won't let you use JSPs
because in 1998 his brother-in-law told him
that JSPs were bad.

3) Who said that HTML was the only thing you
could send back in a response? You might send
something other than HTML back to the client.
Something for which an output stream makes
perfect sense.

Turn the page for an example...
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sending bytes in the Response 


Imagine you want to send a JAR to the client... 

Let's say you've created a download page where the client can get code
from JAR files. Instead of sending back an HTML page, the response
contains the bytes representing the JAR. You read the bytes of the JAR file,
then write them to the response's output stream.


Diane is desperate to download the JAR of code for the book she's using
to learn servlets and JSPs. She navigates to the book's website and
clicks the "code jar" link, which refers to a servlet named "Code.do".

Browser sends an HTTP request to the server with the name of the requested
servlet ("Code.do").

The Container sends the request to the CodeReturn servlet (mapped to the
name "Code.do" in the DD) for processing.

The CodeReturn servlet gets the bytes for the JAR, then gets an
output stream from the response and writes out the bytes
representing the JAR.

The JAR starts downloading onto the client's machine.
Diane is pleased.
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request response 


Servlet code to download the JAR 


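    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class CodeReturn extends HttpServlet {

        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {

            // tell the browser what kind of bytes are coming
            response.setContentType("application/jar");

            ServletContext ctx = getServletContext();
            InputStream is = ctx.getResourceAsStream("/bookCode.jar");

            int read = 0;
            byte[] bytes = new byte[1024];

            // copy the JAR to the response, one buffer at a time
            OutputStream os = response.getOutputStream();
            while ((read = is.read(bytes)) != -1) {
                os.write(bytes, 0, read);
            }
            os.flush();
            os.close();
        }
    }


The read/write loop is the key part, but it's just plain
old I/O!! Nothing special, just read the
JAR bytes, then write the bytes to
the output stream that we get from
the response object.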


Dumb Questions


Q: Where was the "bookCode.jar" JAR file located? In other
words, where does the getResourceAsStream() method LOOK to
find the file? How do you deal with the path?

A: The getResourceAsStream() requires you to start with a
forward slash ("/"), which represents the root of your web app.
Since the web app was named JarDownload, then the directory
structure looks like the directories in the picture. The JarDownload
directory is inside webapps (as a peer directory to all the other
web app directories), then inside JarDownload we put the WEB-INF
directory, and the code JAR itself. So the file "bookCode.jar"
is sitting at the root level of the JarDownload web app. (Don't
worry, we'll go into deep penetrating details about the deployment
directory structure when we get to the deployment chapter.)

    webapps/
        JarDownload/
            bookCode.jar
            WEB-INF/
                web.xml
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content ype 


Whoa. What's the deal with content type? 


You might be wondering about this line:

    response.setContentType("application/jar");


Or at least you should be. You have to tell the browser what you're sending back, so the
browser can do the right thing: launch a "helper" app like a PDF viewer or video
player, render the HTML, save the bytes of the response as a downloaded file, etc. And
since you're wondering, yes, when we say content type we mean the same thing as MIME
type. Content type is an HTTP header that must be included in the HTTP response.


(Server/Container, sending the HTTP response:) "Here's my response
to your request. Its type
is video/quicktime and in your
request you said that was OK.
And despite my trust issues,
I believed you."


Common MIME types

text/html

application/pdf

video/quicktime

application/java

image/jpeg

application/jar

application/octet-stream

application/x-zip


You don't need to memorize a bunch of content types.

You should know what setContentType() does, and how you use it. But you
don't have to know even the most common content types except text/html.
What you need to know about setContentType() is mostly common sense...
for example, it won't do you any good to change the content type
AFTER you write to the response output stream. Duh. But that does
mean that you can't set a content type, write some stuff, and then
change the content type and write something different. But think about
it—how would the browser deal with that? It can handle only one type of THING at a
time from the response.

To make sure everything works correctly, your best practice (and in some cases a
requirement) is to always call setContentType() first, BEFORE you call the method that
gives you your output stream (getWriter() or getOutputStream()). That'll guarantee you
won't run into conflicts between the content type and the output stream.
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request ind response 


Dumb Questions


Q: Why do you have to set the content
type? Can't servers figure it out from the
extension of the file?

A: Most servers can, for static content.
In Apache, for example, you can set up MIME
types by mapping a specific file extension
(.txt, .jar, etc.) to a specific content type, and
Apache will use that to set the content type 
in the HTTP header. But we're talking about 
what happens inside a servlet where there IS 
no file! You’re the one who is sending back 
the response: the Container has no idea what 
you're sending. 


Q: But what about that last example
where you read a specific JAR file? Can't the
Container see that you're reading a JAR?

A: No. All we did from the servlet was
read the bytes of a file (that just happened to
be a JAR file), and turn around and write those
bytes to the output stream. The Container has
no idea what we were up to when we read
those bytes. For all it knows we're reading
from one type of thing and writing something
completely different in the response. 


Q: How can I find out what the common
content types are?

A: Do a Google search. Seriously. New
MIME types are being added all the time, but
you can easily find lists on the Web. You can
also look in your browser preferences for a list
of those that have been configured for your
browser, and you can check your Web server
configuration files as well. Again, you don't
have to worry about this for the exam, and it's
not likely to cause you much stress in the real
world either.


Q: Wait a second... why would you use a
servlet to send back that JAR file when you
can just have the web server send it back as
a resource? In other words, why wouldn't
you have the user click a link that goes to
the JAR instead of to a servlet? Can't the
server be configured to send back the JAR
directly without even GOING through a
servlet?

A: Yes. Good question. You COULD
configure the web server so that the user
clicks an HTML link that goes to, say, the JAR
file sitting on the server (just like any other 
static resource including JPEGs and text 
files), and the server just sends it back in the 
response. 

But... we're assuming that you might have 
other things that you want to do in that 
servlet BEFORE sending back the stream. You 
might, for example, need logic in the servlet 
that determines which JAR file to send. Or 
you might be sending back bytes that you're 
creating right there on-the-fly. Imagine a 
system where you take input parameters from 
the user, and then use them to dynamically 
generate a sound that you send back. Sound 
that didn't previously exist. In other words, 
sound that's not sitting on the server as a file 
somewhere. You just made it up, and now 
you're sending it back in the response.

So you're right, perhaps our example of just 
sending back a JAR sitting on the server is 
a little contrived, but come on... use your 
imagination here and embellish it with all 
sorts of things you might add to make it worth 
being a servlet. Maybe it's something as 
simple as putting code in your servlet that— 
along with sending back the JAR—writes 
some info to a database about this particular 
user. Or maybe you have to check to see if he's 
even allowed to download this JAR, based on 
something you first read from the database. 
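
A sketch of the "servlet decides which JAR to send" case from the answer above, as an added example that is not code from the book. The class name, the "chapter" parameter, the JAR names, keeping the JARs under /WEB-INF/jars and the "downloadAllowed" session attribute are all assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: parameter, attribute and file names are hypothetical.
public class CodeChooser extends HttpServlet {

    // The request only ever selects a key. The resource path comes from this
    // table, so client input never becomes part of a path. Files under
    // WEB-INF are not served directly by the Container, so the only way to
    // reach these JARs is through the checks in doGet().
    private static final Map<String, String> JARS = Map.of(
            "3", "/WEB-INF/jars/chapter3Code.jar",
            "4", "/WEB-INF/jars/chapter4Code.jar");

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        // "Is he even allowed to download this JAR?" Here the answer is a
        // flag that some earlier login step is assumed to have stored.
        HttpSession session = request.getSession(false);
        if (session == null
                || !Boolean.TRUE.equals(session.getAttribute("downloadAllowed"))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Map.of() maps reject null keys, so test the parameter first.
        String chapter = request.getParameter("chapter");
        String path = (chapter == null) ? null : JARS.get(chapter);
        if (path == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // getResourceAsStream() returns null when the file is missing.
        try (InputStream is = getServletContext().getResourceAsStream(path)) {
            if (is == null) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }

            // Content type first, THEN ask for the output stream.
            response.setContentType("application/jar");
            OutputStream os = response.getOutputStream();

            byte[] bytes = new byte[1024];
            int read;
            while ((read = is.read(bytes)) != -1) {
                os.write(bytes, 0, read);
            }
            os.flush();
        }
    }
}
```

Every refusal goes out through sendError() before any bytes are written, so the response carries either an error status or a JAR, never a mix of the two.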
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PrintWriter and OutputStream 


You've got two choices for output: 
characters or bytes 

This is just plain old java.io, except the ServletResponse interface
gives you only two streams to choose from: ServletOutputStream
for bytes, or a PrintWriter for character data.


► PrintWriter

Example:

    PrintWriter writer = response.getWriter();
    writer.println("some text and HTML");

Use it for:

Printing text data to a character stream. Although you
can still write character data to an OutputStream, this
is the stream that's designed to handle character data.


► OutputStream

Example:

    ServletOutputStream out = response.getOutputStream();
    out.write(aByteArray);

Use it for:

Writing anything else!


FYI: The PrintWriter actually "wraps" the
ServletOutputStream. In other words, the PrintWriter has
a reference to the ServletOutputStream and delegates calls
to it. There's just ONE output stream back to the client,
but the PrintWriter "decorates" the stream by adding
higher-level character-friendly methods.


You MUST memorize these methods

You have to know these for the
exam. And it's tricky. Notice that to
write to a ServletOutputStream
you write(), but to write to a
PrintWriter you println()! It's natural
to assume that you write to a writer,
but you don't. If you already use
java.io, then you've been down
this road. But if you haven't, just
remember:

    println() to a PrintWriter
    write() to a ServletOutputStream

Make sure you remember that
the method names for getting the
stream or the writer both drop the
first word in the returned type:

    ServletOutputStream
    response.getOutputStream()

    PrintWriter
    response.getWriter()

You need to recognize WRONG
method names like:

    ...Stream()
    ...iter()
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request ind response 


You can set response headers, you can add response headers

And you can wonder what the difference is. But think about it for a second, then do this exercise.

Match the method call with its behavior
Draw a line from the HttpResponse method to the method's behavior. We did the most obvious one for you.

Adds a new header and value to the response, or adds an additional value to an existing header.

A convenience method that replaces the value of an existing header with this integer value, or adds a new header and value to the response.

If a header with this name is already in the response, the value is replaced with this value. Otherwise, adds a new header and value to the response.

Pretty obvious when you see them all together.

But for the exam, you should have them memorized so that if next Tuesday the guy down the hall asks, "What's that response method that lets me add a value to an existing header?" you can, without the slightest pause, say "It's addHeader, and it takes two Strings for the name and value." Just like that.

Both setHeader() and addHeader() will add a header and value to the response if the header (the first argument to the method) is not already in the response. The difference between set and add shows up when the header is there. In that case:

setHeader() overwrites the existing value

addHeader() adds an additional value

When you call setContentType("text/html"), you're setting a header just as if you said:

setHeader("content-type", "text/html");

So what's the difference? No difference... assuming you type the "content-type" header correctly. The setHeader method won't complain if you misspell the header names; it just thinks you're adding a new kind of header. But something else will fail later, because now you haven't properly set the content type of the response!
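The set/add behavior and the misspelled-header trap in servlet form, as an added example (not code from the book). It assumes a Servlet 3.0 or later container, because it reads the headers back with response.getHeaders(); the class name and the X-Demo header names are made up for the illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet written for this illustration.
public class HeaderDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        // Header not in the response yet: setHeader() and addHeader()
        // would both simply create it.
        response.setHeader("X-Demo", "one");

        // Header already there: addHeader() keeps "one" and adds a second value.
        response.addHeader("X-Demo", "two");
        List<String> afterAdd = new ArrayList<String>(response.getHeaders("X-Demo"));

        // Header already there: setHeader() replaces everything stored so far.
        response.setHeader("X-Demo", "three");
        List<String> afterSet = new ArrayList<String>(response.getHeaders("X-Demo"));

        // setIntHeader() is the integer convenience form of setHeader().
        response.setIntHeader("X-Demo-Count", 42);

        // The typo is accepted without complaint as a brand-new header,
        // so the response still has no content type.
        response.setHeader("content-tpye", "text/html");
        boolean typeMissing = (response.getContentType() == null);

        // Set the real content type before any output is written.
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("X-Demo after addHeader: " + afterAdd);
        out.println("X-Demo after setHeader: " + afterSet);
        out.println("content type missing after the typo: " + typeMissing);
    }
}
```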



/V\&V.t ft St»tk ie#* 

There was a response from

headers and quite a payload

Not one header I tell you

had more than one value

for setHeader() was used in the code

(as opposed to addHeader(), get it?)


(Tk« f mi. perron ie vend i»l Jn »pi file of ihn» 
actually reZiirn^ this poen>, wik ike nyki 

i*d ererytkw^, yetr i tptZol edition t-vkirt) 


But sometimes you just don't want to deal with the response yourself...

You can choose to have something else handle the response for your request. You can either redirect the request to a completely different URL, or you can dispatch the request to some other component in your web app (typically a JSP).


Redirect

(1) Client types a URL into the browser bar...

(2) The request goes to the server/Container.

(3) The servlet decides that the request should go to a completely different URL.

(4) The servlet calls sendRedirect(aString) on the response and that's it.

(5) The HTTP response has a status code "301" and a "Location" header with a URL as the value.

(6) The browser gets the response, sees the "301" status code, and looks for a "Location" header.

(7) The browser makes a new request using the URL that was the value of the "Location" header in the previous response. The user might notice that the URL in the browser bar changed...

(8) There's nothing unique about the request, even though it happened to be triggered by a redirect.

(9) The server gets the thing at the requested URL. Nothing special here.

(10) The HTTP response is just like any other response...

(11) The browser renders the new page. The user is surprised.



Servlet redirect makes the browser do the work 


A redirect lets the servlet off the hook completely. After deciding that it can't do the work, the servlet simply calls the sendRedirect() method:

if (worksForMe) {
    // handle the request
} else {
    response.sendRedirect("http://www.oreilly.com");
}


Using relative URLs in sendRedirect()

You can use a relative URL as the argument to sendRedirect(), instead of specifying the whole "http://www..." thing. Relative URLs come in two flavors: with or without a starting forward slash ("/").

Imagine the client originally typed in:

http://www.wickedlysmart.com/myApp/cool/bar.do

When the request comes into the servlet named "bar.do", the servlet calls sendRedirect() with a relative URL that does NOT start with a forward slash:

sendRedirect("foo/stuff.html");

The Container builds the full URL (it needs this for the "Location" header it puts in the HTTP response) relative to the original request URL:

http://www.wickedlysmart.com/myApp/cool/foo/stuff.html

But if the argument to sendRedirect() DOES start with a forward slash:

sendRedirect("/foo/stuff.html");

The forward slash at the beginning means "relative to the root of this web Container".

The Container builds the complete URL relative to the web Container itself, instead of relative to the original URL of the request. So the new URL will be:

http://www.wickedlysmart.com/foo/stuff.html

"foo" is a web app, separate from the "myApp" web app.
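A model of that URL building with java.net.URI from the JDK, as an added example (not the book's code and not the Container's own implementation). The class and method names are made up; the request URL and the first two arguments are the ones used above, and other.example is a constructed host showing a third form, an argument that starts with two slashes, which resolves to a different host. The two checks are the kind you would run when the argument is built at run time rather than typed as a constant.

```java
import java.net.URI;

// Hypothetical helper class written for this illustration.
public class RedirectTargets {

    // Resolve a sendRedirect() argument against the URL of the original
    // request, using the standard relative-reference rules in java.net.URI.
    static URI resolve(String requestUrl, String redirectArg) {
        return URI.create(requestUrl).resolve(redirectArg).normalize();
    }

    // True when the resolved target keeps the request's scheme, host and port.
    static boolean staysOnRequestHost(String requestUrl, String redirectArg) {
        URI base = URI.create(requestUrl);
        URI target = resolve(requestUrl, redirectArg);
        return target.getHost() != null
                && target.getScheme().equalsIgnoreCase(base.getScheme())
                && target.getHost().equalsIgnoreCase(base.getHost())
                && target.getPort() == base.getPort();
    }

    // True when the target is on the same host AND still under the web app's
    // context path. A leading "/" is relative to the Container root, so it
    // can leave the web app even though the host is unchanged.
    static boolean staysInWebApp(String requestUrl, String contextPath,
                                 String redirectArg) {
        String path = resolve(requestUrl, redirectArg).getPath();
        return staysOnRequestHost(requestUrl, redirectArg)
                && path != null
                && (path.equals(contextPath) || path.startsWith(contextPath + "/"));
    }

    public static void main(String[] args) {
        String requestUrl = "http://www.wickedlysmart.com/myApp/cool/bar.do";
        String contextPath = "/myApp";
        String[] redirectArgs = {
            "foo/stuff.html",              // no leading slash
            "/foo/stuff.html",             // leading slash
            "//other.example/stuff.html"   // constructed: two leading slashes
        };
        for (String arg : redirectArgs) {
            System.out.println(arg
                    + " -> " + resolve(requestUrl, arg)
                    + "  sameHost=" + staysOnRequestHost(requestUrl, arg)
                    + "  sameWebApp=" + staysInWebApp(requestUrl, contextPath, arg));
        }
    }
}
```

In a servlet, request.getRequestURL().toString() and request.getContextPath() supply the first two arguments.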
Watch it!

You can't do a sendRedirect() after writing to the response!

That's probably obvious, but it's the LAW so we're just making sure. If you look up sendRedirect() in the API, you'll see that it throws an IllegalStateException if you try to invoke it after "the response has already been committed."

By "committed", they mean that the response has been sent. That just means the data has been flushed to the stream. For practical purposes, it means you can't write to the response and then call sendRedirect()!

But some picky professor will tell you that technically, you could write to the stream without flushing, and then sendRedirect() wouldn't cause an exception. But it would be a completely stupid thing to do, so we won't talk about it. (Except that we just did talk about it...)

In your servlet, for gosh sakes make a decision! Either handle the request or do a sendRedirect() to have someone ELSE handle the request.

(By the way, this idea that "once it's committed it's too late" also applies to setting headers, cookies, status codes, the content-type, and so on.)


A request dispatch does the work 
on the server side 


And that's the big difference between a redirect and a request dispatch: redirect makes the client do the work while request dispatch makes something else on the server do the work. So remember: redirect = client, request dispatch = server. We'll say more about request dispatch in a later chapter, but these two pages should give you a quick look at the highlights.


Request Dispatch

The servlet calls

RequestDispatcher view = request.getRequestDispatcher("result.jsp");
view.forward(request, response);

and the JSP (result.jsp) takes over the response.

The browser gets the response in the usual way, and renders it for the user. Since the browser location bar didn't change, the user does not know that the JSP generated the response.
Redirect vs. Request Dispatch

Redirect

When a servlet does a redirect, it's like asking the client to call someone else instead. In this case, the client is the browser, not the user. The browser makes the new call on the user's behalf, after the originally-requested servlet says, "Sorry, call this guy instead."

The user sees the new URL in the browser

Request Dispatch

When a servlet does a request dispatch, it's like asking a co-worker to take over working with a client.

The co-worker ends up responding to the client but the client doesn't care as long as someone responds.

The user never knows someone else took over, because the URL in the browser bar doesn't change
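The hand-off decision from the redirect, "committed" and request-dispatch passages above, as one added servlet (example code, not from the book). The class name and the "mode" request parameter with its values are made up; result.jsp and the oreilly.com URL are the ones the text uses, and the class needs a servlet container to run.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet written for this illustration.
public class HandOffServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        String mode = request.getParameter("mode");   // made-up parameter

        if ("redirect".equals(mode)) {
            // Client-side hand-off: the browser gets a Location header and
            // makes a second request, so the URL in the browser bar changes.
            response.sendRedirect("http://www.oreilly.com");
            return;
        }

        if ("forward".equals(mode)) {
            // Server-side hand-off: the JSP writes the response for this same
            // request, and the browser never learns that it took over.
            RequestDispatcher view = request.getRequestDispatcher("result.jsp");
            view.forward(request, response);
            return;
        }

        if ("late".equals(mode)) {
            // What NOT to rely on: writing first and deciding afterwards.
            response.setContentType("text/plain");
            PrintWriter out = response.getWriter();
            out.println("started handling the request...");

            // Written to the buffer only; nothing has to be sent yet.
            log("committed after println: " + response.isCommitted());

            // Flushing sends the status line and headers: now it is committed.
            response.flushBuffer();
            log("committed after flushBuffer: " + response.isCommitted());

            safeRedirect(response, "http://www.oreilly.com");
            return;
        }

        response.setContentType("text/plain");
        response.getWriter().println("handled here");
    }

    // Redirect only while it is still possible; once the response is
    // committed, sendRedirect() throws IllegalStateException.
    private void safeRedirect(HttpServletResponse response, String url)
            throws IOException {
        if (response.isCommitted()) {
            log("response already committed, cannot redirect to " + url);
            return;
        }
        response.sendRedirect(url);
    }
}
```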
Review: HttpServletResponse


BULLET POINTS

■ You use the Response to send data back to the client.

■ The most common methods you'll call on the response object (HttpServletResponse) are setContentType() and getWriter().

■ Be careful—many developers assume the method is getPrintWriter(), but it's getWriter().

■ The getWriter() method lets you do character I/O to write HTML (or something else) to the stream.

■ You can also use the response to set headers, send errors, and add cookies.

■ In the real world, you'll probably use a JSP to send most HTML responses, but you may still use a response stream to send binary data (like a JAR file, perhaps) to the client.

■ The method you call on your response for getting a binary stream is getOutputStream().

■ The setContentType() method tells the browser how to handle the data coming in with the response. Typical content types are "text/html", "application/pdf", and "image/jpeg".

■ You don't have to memorize content types (also known as MIME types).

■ You can set response headers using addHeader() or setHeader(). The difference depends on whether the header is already part of the response. If it is, setHeader() will replace the value, but addHeader() will add an additional value to the existing response. If the header is not already part of the response, then setHeader() and addHeader() behave in exactly the same way.

■ If you don't want to respond to a request, you can redirect the request to a different URL. The browser takes care of sending the new request to the URL you provide.

■ To redirect a request, call sendRedirect(aStringURL) on the response.

■ You cannot call sendRedirect() after the response is committed! In other words, if you've already written something to the stream, it's too late to do a redirect.

■ A request redirect is different from a request dispatch. A request dispatch (covered more in another chapter) happens on the server, while a redirect happens on the client. A request dispatch hands the request to another component on the server, usually within the same web app. A request redirect simply tells the browser to go to a different URL.


ServletResponse interface
(javax.servlet.ServletResponse)

«interface»
ServletResponse

getBufferSize()
setContentType()
getOutputStream()
getWriter()
setContentLength()
// MANY more methods


HttpServletResponse interface
(javax.servlet.http.HttpServletResponse)

«interface»
HttpServletResponse

addCookie()
addHeader()
encodeURL()
sendError()
setStatus()
sendRedirect()
// MANY more methods
Mock Exam Chapter 4


1  How would servlet code from a service method (e.g., doPost()) retrieve the value of the "User-Agent" header from the request? (Choose all that apply.)

□ A. String userAgent = request.getParameter("User-Agent");

□ B. String userAgent = request.getHeader("User-Agent");

□ C. String userAgent = request.getRequestHeader("Mozilla");

□ D. String userAgent = getServletContext().getInitParameter("User-Agent");


2  Which HTTP methods are used to show the client what the server is receiving? (Choose all that apply.)

□ A. GET

□ B. PUT

□ C. TRACE

□ D. RETURN

□ E. OPTIONS


3  Which method of HttpServletResponse is used to redirect an HTTP request to another URL?

□ A. sendURL()

□ B. redirectURL()

□ C. redirectHttp()

□ D. sendRedirect()

□ E. getRequestDispatcher()


4  Which HTTP methods are NOT considered idempotent? (Choose all that apply.)

□ A. GET

□ B. POST

□ C. HEAD

□ D. PUT


5  Given req is a HttpServletRequest, which gets a binary input stream? (Choose all that apply.)

□ A. BinaryInputStream s = req.getInputStream();

□ B. ServletInputStream s = req.getInputStream();

□ C. BinaryInputStream s = req.getBinaryStream();

□ D. ServletInputStream s = req.getBinaryStream();


6  How would you set a header named "CONTENT-LENGTH" in the HttpServletResponse object? (Choose all that apply.)

□ A. response.setHeader(CONTENT-LENGTH,"1024");

□ B. response.setHeader("CONTENT-LENGTH","1024");

□ C. response.setStatus(1024);

□ D. response.setHeader("CONTENT-LENGTH",1024);


7  Choose the servlet code fragment that gets a binary stream for writing an image or other binary type to the HttpServletResponse.

□ A. java.io.PrintWriter out = response.getWriter();

□ B. ServletOutputStream out = response.getOutputStream();

□ C. java.io.PrintWriter out = new PrintWriter(response.getWriter());

□ D. ServletOutputStream out = response.getBinaryStream();


8  Which methods are used by a servlet to handle form data from a client? (Choose all that apply.)

□ A. HttpServlet.doHead()

□ B. HttpServlet.doPost()

□ C. HttpServlet.doForm()

□ D. ServletRequest.doGet()

□ E. ServletRequest.doPost()

□ F. ServletRequest.doForm()


9  Which of the following methods are declared in HttpServletRequest as opposed to in ServletRequest? (Choose all that apply.)

□ A. getMethod()

□ B. getHeader()

□ C. getCookies()

□ D. getInputStream()

□ E. getParameterNames()


10  How should servlet developers handle the HttpServlet's service() method when extending HttpServlet? (Choose all that apply.)

□ A. They should override the service() method in most cases.

□ B. They should call the service() method from doGet() or doPost().

□ C. They should call the service() method from the init() method.

□ D. They should override at least one doXXX() method (such as doPost()).
1  How would servlet code from a service method (e.g., doPost()) retrieve the value of the "User-Agent" header from the request? (Choose all that apply.)   (API)

□ A. String userAgent = request.getParameter("User-Agent");

☑ B. String userAgent = request.getHeader("User-Agent");

□ C. String userAgent = request.getRequestHeader("Mozilla");

□ D. String userAgent = getServletContext().getInitParameter("User-Agent");

- Option B shows the correct method call, passing in the header name as a String.


2  Which HTTP methods are used to show the client what the server is receiving? (Choose all that apply.)

□ A. GET

□ B. PUT

☑ C. TRACE

□ D. RETURN

□ E. OPTIONS

- This method is typically used for troubleshooting, not for production.


3  Which method of HttpServletResponse is used to redirect an HTTP request to another URL?   (API)

□ A. sendURL()

□ B. redirectURL()

□ C. redirectHttp()

☑ D. sendRedirect()

□ E. getRequestDispatcher()

- Option D is correct, and of the methods listed, it's the only one that exists in HttpServletResponse.


4  Which HTTP methods are NOT considered idempotent? (Choose all that apply.)

□ A. GET

☑ B. POST

□ C. HEAD

□ D. PUT


Jbs, design, POST 


Wf A - , 

re «yrfsti) 


5  Given req is a HttpServletRequest, which gets a binary input stream? (Choose all that apply.)   (API)

□ A. BinaryInputStream s = req.getInputStream();

☑ B. ServletInputStream s = req.getInputStream();

□ C. BinaryInputStream s = req.getBinaryStream();

□ D. ServletInputStream s = req.getBinaryStream();

- the correct return type


6  How would you set a header named "CONTENT-LENGTH" in the HttpServletResponse object? (Choose all that apply.)   (API)

□ A. response.setHeader(CONTENT-LENGTH,"1024");

☑ B. response.setHeader("CONTENT-LENGTH","1024");

□ C. response.setStatus(1024);

□ D. response.setHeader("CONTENT-LENGTH",1024);

- Option B shows the correct way to set an HTTP header with two String parameters.


7  Choose the servlet code fragment that gets a binary stream for writing an image or other binary type to the HttpServletResponse.   (API)

□ A. java.io.PrintWriter out = response.getWriter();

☑ B. ServletOutputStream out = response.getOutputStream();

□ C. java.io.PrintWriter out = new PrintWriter(response.getWriter());

□ D. ServletOutputStream out = response.getBinaryStream();

- Option A is incorrect because it uses a character-oriented PrintWriter.


8  Which methods are used by a servlet to handle form data from a client? (Choose all that apply.)

□ A. HttpServlet.doHead()

☑ B. HttpServlet.doPost()

□ C. HttpServlet.doForm()

□ D. ServletRequest.doGet()

□ E. ServletRequest.doPost()

□ F. ServletRequest.doForm()

- Methods don't exist


9  Which of the following methods are declared in HttpServletRequest as opposed to in ServletRequest? (Choose all that apply.)

☑ A. getMethod()

☑ B. getHeader()

☑ C. getCookies()

□ D. getInputStream()

□ E. getParameterNames()

- Options A, B, and C all relate to components of an HTTP request.


10  How should servlet developers handle the HttpServlet's service() method when extending HttpServlet? (Choose all that apply.)   (API)

□ A. They should override the service() method in most cases.

□ B. They should call the service() method from doGet() or doPost().

□ C. They should call the service() method from the init() method.

☑ D. They should override at least one doXXX() method (such as doPost()).

- Option D is correct; developers typically focus on the doGet() and doPost() methods.
Being a Web App

No servlet stands alone. In today's modern web app, many components work together to accomplish a goal. You have models, controllers, and views. You have parameters and attributes. You have helper classes. But how do you tie the pieces together? How do you let components share information? How do you hide information? How do you make information thread-safe? Your life may depend on the answers, so be sure you have plenty of tea when you go through this chapter. And not that foofy herbal decaf crap.


this is a new chapter
Official Sun exam objectives

OBJECTIVES

The Web Container Model

3.1 For the servlet and ServletContext initialization parameters: write servlet code to access initialization parameters, and create deployment descriptor elements for declaring initialization parameters.

3.2 For the fundamental servlet attribute scopes (request, session, and context): write servlet code to add, retrieve, and remove attributes; given a usage scenario, identify the proper scope for an attribute; and identify multi-threading issues associated with each scope.

3.3 Describe the elements of the Web container request processing model: Filter, Filter chain, Request and response wrappers, and Web resource (servlet or JSP page).

3.4 Describe the Web Container lifecycle event model for requests, sessions, and web applications; create and configure listener classes for each scope life cycle; create and configure scope attribute listener classes; and given a scenario, identify the proper attribute listener to use.

3.5 Describe the RequestDispatcher mechanism; write servlet code to create a request dispatcher; write servlet code to forward or include the target resource; and identify the additional request-scoped attributes provided by the container to the target resource.

Coverage Notes:

All of the objectives in this section are covered completely in this chapter, with the exception of 3.3, which is covered in the Filters chapter.

Most of what's in this chapter will come up in other parts of the book, but if you're taking the exam, THIS is the chapter where we expect you to learn and memorize the objective topics.
I want my email address to show up on the beer web page my servlet makes, but I think my email is gonna change and I don't want to have to recompile my servlet code just to change it...


Kim wants to configure his email address in the DD, not hard-code it inside the servlet class

Here's what Kim does not want in his servlet:

PrintWriter out = response.getWriter();
out.println("blooper@wickedlysmart.com");

He'll have to recompile.

He'd much rather put his email address in the Deployment Descriptor (web.xml file) so that when he deploys his web app, his servlet can somehow "read" his email address from the DD. That way, he won't have to hard-code his address in the servlet class, and to change his email he modifies only the web.xml file, without having to touch his servlet source code.
Init Parameters to the rescue

You've already seen the request parameters that can come over in a doGet() or doPost(), but servlets can have initialization parameters as well.


In the DD (web.xml) file:

<servlet>
    <servlet-name>BeerParamTests</servlet-name>
    <servlet-class>TestInitParams</servlet-class>

    <init-param>
        <param-name>adminEmail</param-name>
        <param-value>likewecare@wickedlysmart.com</param-value>
    </init-param>
</servlet>


In the servlet code:

getServletConfig().getInitParameter("adminEmail")
You can't use servlet init parameters until the servlet is initialized

You already saw that your servlet inherits getServletConfig(), so you can call that from any method in your servlet to get a reference to a ServletConfig. Once you have a ServletConfig reference, you can call getInitParameter(). But remember, you can't call it from your constructor! That's too early in the servlet's life... it won't have its full servletness until the Container calls init().

Servlet lifecycle (figure): does not exist, constructor, init(ServletConfig), service(), destroy()

When the Container initializes a servlet, it makes a unique ServletConfig for the servlet.

The Container "reads" the servlet init parameters from the DD and gives them to the ServletConfig, then passes the ServletConfig to the servlet's init() method.


Dumb Questions

Q: Way back in the last chapter, you said it takes TWO things for the servlet to become a card-carrying, fez-wearing servlet. You mentioned both ServletConfig and something called ServletContext.

A: OK, yes, we'll look at the ServletContext in just a few pages. For now, we care only about ServletConfig, because that's where you get your servlet init parameters.

Q: Wait a minute! In the last chapter you said that we could override the init() method, and nobody said a word about the ServletConfig argument!

A: We didn't mention that the init() method takes a ServletConfig because the one you override doesn't take one. Your superclass includes two versions of init(), one that takes a ServletConfig and a convenience version that's a no-arg. The inherited init(ServletConfig) method calls the no-arg init() method, so the only one you need to override is the no-arg version.

There's no law that stops you from overriding the one that takes a ServletConfig, but if you DO, then you better call super.init(ServletConfig)! But there's really NO reason why you need to override the init(ServletConfig) method, since you can always get your ServletConfig by calling your inherited getServletConfig() method.
The servlet init parameters are read only ONCE—
when the Container initializes the servlet

When the Container makes a servlet, it reads the DD and creates the name/value pairs for the ServletConfig. The Container never reads the init parameters again! Once the parameters are in the ServletConfig, they won't be read again until/unless you redeploy the servlet. Think about that.

(1) Container reads the Deployment Descriptor (web.xml) for this servlet, including the servlet init parameters (<init-param>).

(2) Container creates a new ServletConfig instance for this servlet.

(3) Container creates a name/value pair of Strings for each servlet init parameter. Assume we have only one.

(4) Container gives the ServletConfig references to the name/value init parameters.

(5) Container creates a new instance of the servlet class (MyServlet.class).

(6) Container calls the servlet's init() method, passing in the reference to the ServletConfig.
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Lm 0 Ilf.tL T-*1-• 

± ^ V If 1111 KJIIII <11, Hint* OfM <1 

one-button, really simple admin tool for deployment and redeployment (although there is an admin tool that ships with Tomcat). But think about it—what's the worst you have to do to change the servlet's init parameters? You make a quick change to the web.xml file, shut down Tomcat (bin/shutdown.sh), then restart Tomcat (bin/startup.sh). On restart, Tomcat looks in its webapps directory, and deploys everything it finds there.

Q: Sure it's easy to tell Tomcat to shutdown and startup, but what about the web apps that are running? They all have to go down!

A: Technically, yes. Taking your web apps down so that you can redeploy one servlet is a little harsh, especially if you have a lot of traffic on your web site. But that's why most of the production-quality Web Containers let you do a hot redeploy, which means that you don't have to restart your server or take any other web apps down. In fact, Tomcat does include a manager tool that will let you deploy, undeploy, and redeploy entire web apps without restarting Tomcat. In a production environment, that's what you'd use. But for testing, it's easier to just restart Tomcat. Info on the management tool is at:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/manager-howto.html

But in the real world, even a hot redeploy is a Big Deal, and taking even a single app down just because the init parameter value changed can be a bad idea. If the values of your init parameters are going to change frequently, you're better off having your servlet methods get the values from a file or database, but this approach will mean a lot more overhead each time your servlet code runs, instead of only once during initialization.
Testing your ServletConfig

ServletConfig's main job is to give you init parameters. It can also give you a ServletContext, but we'll usually get a context in a different way, and the getServletName() method is rarely useful.

In the DD (web.xml) file:

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

  <servlet>
    <servlet-name>BeerParamTests</servlet-name>
    <servlet-class>com.example.TestInitParams</servlet-class>

    <init-param>
      <param-name>adminEmail</param-name>
      <param-value>likewecare@wickedlysmart.com</param-value>
    </init-param>

    <init-param>
      <param-name>mainEmail</param-name>
      <param-value>...</param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>BeerParamTests</servlet-name>
    <url-pattern>/Tester.do</url-pattern>
  </servlet-mapping>

</web-app>


In a servlet class:

package com.example;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class TestInitParams extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
                                          throws IOException, ServletException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("test init parameters<br>");

        // List the name of every <init-param> declared for this servlet
        java.util.Enumeration e = getServletConfig().getInitParameterNames();
        while (e.hasMoreElements()) {
            out.println("<br>param name = " + e.nextElement() + "<br>");
        }

        // Look up individual parameters by name
        out.println("main email is " + getServletConfig().getInitParameter("mainEmail"));
        out.println("<br>");
        out.println("admin email is " + getServletConfig().getInitParameter("adminEmail"));
    }
}
javax.servlet.ServletConfig

«interface»
ServletConfig

getInitParameter(String)
Enumeration getInitParameterNames()
getServletContext()
getServletName()
How can a JSP get servlet init parameters?

A ServletConfig is for servlet configuration (it doesn't say JSPConfig). So if you want other parts of your application to use the same info you put in the servlet's init parameters in the DD, you need something more.


What about the way we did it with the beer app? We passed the model info to the JSP using a request attribute...


// inside the doPost() method
String color = request.getParameter("color");

BeerExpert be = new BeerExpert();
List result = be.getBrands(color);

request.setAttribute("styles", result);


We could do it this way. The request object lets you set attributes (think of them as a name/value pair where the value can be any object) that any other servlet or JSP that gets the request can use. That means any servlet or JSP to which the request is forwarded using a RequestDispatcher. We'll look at RequestDispatcher in detail at the end of this chapter, but for now all we care about is getting the data (in this case the email address) to the pieces of the web app that need it, rather than just one servlet.
Setting a request attribute works... but only for the JSP to which you forwarded the request

With the beer app, it made sense to store the model info for the client's request in the request object, because the next step was to forward the request to the JSP responsible for creating the view. Since that JSP needed the model data, and the data was relevant to only that particular request, everything was fine.

But that doesn't help us with the email address, because we might need to use it from all over the application! There is a way to have a servlet read the init parameters and then store them in a place other parts of the app could use, but then we'd have to know which servlet would always run first when the app is deployed, and any changes to the web app could break the whole thing. No, that won't do either.

I wonder if there's something like init parameters for the application?
Context init parameters to the rescue

Context init parameters work just like servlet init parameters, except context parameters are available to the entire webapp, not just a single servlet. So that means any servlet and JSP in the app automatically has access to the context init parameters, so we don't have to worry about configuring the DD for every servlet, and when the value changes, you only have to change it one place!

In the DD (web.xml) file:

<servlet>
    <servlet-name>BeerParamTests</servlet-name>
    <servlet-class>TestInitParams</servlet-class>
</servlet>

<context-param>
    <param-name>adminEmail</param-name>
    <param-value>clientheaderror@wickedlysmart.com</param-value>
</context-param>


In the servlet code:

getServletContext().getInitParameter("adminEmail")


OR:

ServletContext context = getServletContext();
out.println(context.getInitParameter("adminEmail"));

Here we broke out the code into TWO steps: getting the ServletContext reference, and calling its getInitParameter() method.
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context vs. servlet mil parameters 


Remember the difference between servlet init 
parameters and c ontext init parameters 

Hrrr’> <i rrvirw <>l ilu* krv difTerrnces belwmi emlrtf init parameter* and i rnlrl 
init parameters. Pay special attention i*• thr lad that they're both referred to as 
ini! parameters, even though only \ml(t init parameters have thr word “init' in 
the DD configuration. 


Deployment Descriptor 

    Context init parameters: 
    Within the <web-app> element but NOT 
    within a specific <servlet> element 

        <web-app ...> 
            <context-param> 
                <param-name>foo</param-name> 
                <param-value>bar</param-value> 
            </context-param> 
            <!-- other stuff including servlet declarations --> 
        </web-app> 

    Notice it doesn't say "init" anywhere in the DD for context 
    init parameters, the way it does for servlet init parameters. 

    Servlet init parameters: 
    Within the <servlet> element for each 
    specific servlet 

        <servlet> 
            <servlet-name>BeerParamTests</servlet-name> 
            <servlet-class>TestInitParams</servlet-class> 
            <init-param> 
                <param-name>foo</param-name> 
                <param-value>bar</param-value> 
            </init-param> 
            <!-- other stuff --> 
        </servlet> 

Servlet Code 

    Context init parameters: 
        getServletContext().getInitParameter("foo"); 

    Servlet init parameters: 
        getServletConfig().getInitParameter("foo"); 

    It's the same method name! 

Availability 

    Context init parameters: 
    To any servlets and JSPs that are part of this web app. 

    Servlet init parameters: 
    To only the servlet for which the <init-param> was configured. 
    (Although the servlet can choose to make it more 
    widely available by storing it in an attribute.) 

ServletConfig is one per servlet 
ServletContext is one per web app 

There's only one ServletContext for an entire web app, and all the 
parts of the web app share it. But each servlet in the app has its own 
ServletConfig. The Container makes a ServletContext when a web 
app is deployed, and makes the context available to each Servlet and 
JSP (which becomes a servlet) in the web app. 

Web app initialization: 

■ Container reads the DD and 
creates a name/value String pair 
for each <context-param> 

■ Container creates a new instance 
of ServletContext 

■ Container gives the 
ServletContext a reference to 
each name/value pair of the 
context init parameters 

■ Every servlet and JSP deployed 
as part of a single web app 
has access to that same 
ServletContext 

[Diagram: Servlet A, Servlet B and Servlet C, each with its own ServletConfig init params, plus a JSP, all sharing the one ServletContext.] 

If the app is 
distributed, there's 
one ServletContext 
per JVM! 

If your application is distributed across 
multiple servers (probably in a clustered 
environment), your web app really COULD 
have more than one ServletContext. A 
ServletContext is one per app, but only if 
the app is in a single JVM! 

In a distributed environment, you'll have one 
ServletContext per JVM. Now, chances are 
this won't create problems, but if you have a 
distributed web app, you'd better consider the 
consequences of having different contexts 
for each JVM. 


Watch it! 

Don't confuse 
ServletConfig 
parameters with 
ServletContext 
parameters! 

You really have to keep these straight on 
the exam, and it's tricky. You MUST know 
that both ServletConfig and ServletContext 
have init parameters, and both have the 
same getter method: getInitParameter(). 

BUT you also have to know that context 
init parameters are set with <context-param> 
(not inside a <servlet> element) while servlet 
init parameters use <init-param> inside the 
individual <servlet> declarations in the DD. 

Dumb Questions 


Q: What's with the inconsistent naming scheme? 
How come the DD elements are <context-param> and 
<init-param> but in the servlet code, BOTH use the 
getInitParameter() method? 

A: They didn't ask us to help them come up with the 
names. If they had, of course, we'd have said it should be 
getInitParameter() and getContextParameter(), to match 
the XML elements in the DD. Or, they could have used 
different XML elements—perhaps <servlet-init-param> 
and <context-init-param>. But no, that would have sucked 
all the fun out of trying to keep them straight. 


Q: Why would I ever use <init-param> anyway? 
Wouldn't I always want to use <context-param> so 
that other parts of my app could reuse the values and 
I won't have to duplicate XML code for every servlet 
declaration? 

A: It all depends on which part of your app is 
supposed to see the value. Your application logic might 
require you to use a value that you want to restrict to 
only an individual servlet. But typically, developers find 
app-wide context init parameters a lot more helpful than 
servlet-specific servlet init parameters. Perhaps the most 
common use of a context parameter is storing database 
lookup names. You'd want all parts of your app to have 
access to the correct name, and when it changes, you 
want to change it in only one place. 


Q: What happens if I give a context init parameter 
the same name as a servlet init parameter in the same 
web app? 

A: The molecular-sized black hole miraculously 
created in a research facility in New Jersey will slip from its 
containment field, plummet to the earth's core, and destroy 
the planet. 

Or maybe nothing, because there's no name space conflict 
since you get the parameters through two different objects 
(ServletContext or ServletConfig). 


Q: If you modify the XML to change the value of an 
init parameter (either servlet or context), when does the 
servlet or the rest of the web app see the change? 

A: ONLY when the web app is redeployed. 
Remember—we talked about this before—the servlet is 
initialized only once, at the beginning of its life, and that's 
when it's given its ServletConfig and ServletContext. The 
Container reads the values from the DD when it creates 
those two objects, and sets the values. 


Q: Can't I get around this by setting the values at 
runtime? Surely there's an API that'll let me change 
those values dynamically... 

A: No, there's not. Look in ServletContext or 
ServletConfig and you'll find a getter (getInitParameter()), 
but you won't find a setter. There's no setInitParameter(). 


Q: That's lame. 

A: These are init parameters. Init from the Latin word 
initialization. If you think of them purely as deploy-time 
constants, you'll have the right perspective. In fact, that's 
so important we're going to say it again in a bolder way: 


Think of init parameters as 
deploy-time constants! 

You can get them at runtime, 
but you can't set them. There's 
no setInitParameter(). 

Exercise 


Code Magnets 

Rearrange the magnets to form a DD that declares a 
parameter that matches the servlet code: 

getServletContext().getInitParameter("foo"); 

You won't use all of the magnets! 

(Note: when you see <web-app ...>, remember that 
this is our short-cut to save space on the page. You 
can't deploy a web.xml file unless the <web-app> 
tag has all the attributes it needs.) 

If you see "init parameter" without 
knowing if it means servlet or context 
init parameter, assume servlet. 

[Magnets: fragments of DD XML elements] 

So what else can you do with 
your ServletContext? 

A ServletContext is a JSP or servlet's connection 
to both the Container and the other parts of the 
web app. Here are some of the ServletContext 
methods. We put the ones you should know for 
the exam in bold. 

(We'll talk about attributes in a few pages.) 


javax.servlet.ServletContext 

«interface» 
ServletContext 

    // Get init parameters and get/set attributes. 
    getInitParameter(String) 
    getInitParameterNames() 
    getAttribute(String) 
    getAttributeNames() 
    setAttribute(String, Object) 
    removeAttribute(String) 

    // Get info about the server/container. 
    getMajorVersion() 
    getServerInfo() 

    getRealPath(String) 
    getResourceAsStream(String) 
    getRequestDispatcher(String) 

    // Write to the server's log file (vendor-specific) or System.out. 
    log(String) 

    // more methods 

You can get a ServletContext in two 
different ways... 

Don't be fooled if you see servlet code on the exam that says 
getServletConfig().getServletContext(). Not only is that legal, but it does the 
same thing as calling getServletContext() directly. In a servlet, the only time you 
would NEED to go through your ServletConfig to get your ServletContext is [...]. 
But the chance of ANYONE [...], so don't be confused if you see 
code that uses the ServletConfig to get the context. 

But what if the code is inside some class that is NOT a servlet? [...] 
to get a reference to the ServletContext object. 

Q: How do all the parts of a web app get access to 
their own ServletContext? 

A: For servlets, you already know; call your inherited 
getServletContext() method. 

For JSPs it's a little different—JSPs have something called 
"implicit objects", and ServletContext is one of them. 
You'll see exactly how a JSP uses a ServletContext when 
we get to the JSP chapters. 


Q: So you get built-in logging through your 
context? That sounds VERY helpful! 

A: Um, no. Not unless you have a really small, simple 
web app. There are much better ways to do logging. The 
most popular, robust logging mechanism is Log4j; you 
can find it on the Apache site at: 

http://logging.apache.org/log4j 

You can also use the logging API from java.util.logging, 
added to J2SE in version 1.4. 

It's fine to use the ServletContext log() method for simple 
experiments, but in a real production environment, you 
will almost certainly want to choose something else. 
There's a good reference on web app logging with and 
without Log4j in the Java Servlet & JSP Cookbook from 
O'Reilly. 

Logging is not part of the exam objectives, but it's 
important. Fortunately, you'll find the APIs easy to use. 

Hate to spoil your 
ServletContext party, but, um, 
those init parameters can't be 
anything except STRINGS! That's it! 
What if I want to initialize my app 
with a database DataSource that all 
the servlets can use? 


What if you want an app 
init parameter that's a 
database DataSource? 

Context parameters can't be anything except 
Strings. After all, you can't very well stuff a Dog 
object into an XML deployment descriptor. 
(Actually, you could represent a serialized object 
in XML, but there's no facility for this in the 
Servlet spec today... maybe in the future.) 

What if you really want all the parts of 
your web app to have access to a shared 
database connection? You can certainly put 
the DataSource lookup name in a context 
init parameter, and that's probably the most 
common use of context parameters today. 

But then who does the work of turning 
the String parameter into an actual 
DataSource reference that all parts of the 
web app can share? 

You can't really put that code in a servlet, 
because which servlet would you choose to be 
The One To Lookup The DataSource And 
Store It In An Attribute? Do you really want to 
try to guarantee that one servlet in particular 
will always run first? Think about it. 


FLEX YOUR MIND 

How could you solve this problem? 

How could you initialize a web app with an 
object? Assume that you need the String 
context init parameter in order to create that 
object (think about the database example). 

OK, if only there were a way 
to have something like a main 
method for my whole web app. Some 
code that always runs before ANY 
servlets or JSPs... 


What she really wants is a listener. 

She wants to listen for a context initialization event, 
so that she can get the context init parameters and 
run some code before the rest of the app can 
service a client. 

She needs something that can be sitting there, waiting 
to be notified that the app is starting up. 

But which part of the app could do the work? You 
don't want to pick a servlet; that's not a servlet's job. 

There's no problem in a plain old standalone Java 
app, because you've got main()! But with a servlet, 
what do you do? 

You need something else. Not a servlet or JSP, but some 
other kind of Java object whose sole purpose in life 
is to initialize the app (and possibly to uninitialize it 
too, cleaning up resources when it learns of the app's 
demise...). 

She wants a ServletContextListener 

We can make a separate class, not a servlet or JSP, that can 
listen for the two key events in a ServletContext's life: 
initialization (creation) and destruction. That separate class 
implements javax.servlet.ServletContextListener. 


We need a separate object that can: 

■ Get notified when the context is initialized (app is being 
deployed) 

■ Get the context init parameters from the ServletContext 

■ Use the init parameter lookup name to make a database 
connection 

■ Store the database connection as an attribute, so that all 
parts of the web app can access it 

■ Get notified when the context is destroyed (the app is 
undeployed or goes down) 

■ Close the database connection 


A ServletContextListener class: 

// ServletContextListener is in the javax.servlet package. 
import javax.servlet.*; 

// A context listener is simple: implement ServletContextListener. 
public class MyServletContextListener implements ServletContextListener { 

    public void contextInitialized(ServletContextEvent event) { 
        //code to initialize the database connection 
        //and store it as a context attribute 
    } 

    public void contextDestroyed(ServletContextEvent event) { 
        //code to close the database connection 
    } 
} 
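
The database version of the listener described above, as an added example (not code from the book): it reads a JNDI lookup name from a context init parameter, stores the DataSource as a context attribute, and fails at deploy time when the parameter or the binding is wrong. The class name, the parameter name dataSourceName and the attribute name appDataSource are assumptions, as is a container-managed DataSource bound in JNDI under the configured name.

```java
package com.example;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.sql.DataSource;

// Added example. Assumed DD entries (names are hypothetical):
//   <context-param>
//     <param-name>dataSourceName</param-name>
//     <param-value>java:comp/env/jdbc/AppDB</param-value>
//   </context-param>
//   <listener>
//     <listener-class>com.example.DataSourceContextListener</listener-class>
//   </listener>
public class DataSourceContextListener implements ServletContextListener {

    public static final String PARAM_NAME = "dataSourceName";     // assumed <param-name>
    public static final String ATTRIBUTE_NAME = "appDataSource";  // assumed attribute key

    public void contextInitialized(ServletContextEvent event) {
        ServletContext sc = event.getServletContext();

        // getInitParameter() returns null when the <context-param> is missing.
        String jndiName = sc.getInitParameter(PARAM_NAME);
        if (jndiName == null || jndiName.trim().length() == 0) {
            throw new IllegalStateException(
                    "Missing context init parameter: " + PARAM_NAME);
        }
        jndiName = jndiName.trim();

        try {
            Object found = new InitialContext().lookup(jndiName);
            // Check the type here, once, so a wrong binding shows up at
            // deploy time and not as a ClassCastException in some servlet.
            if (!(found instanceof DataSource)) {
                throw new IllegalStateException(
                        jndiName + " is bound, but not to a javax.sql.DataSource");
            }
            sc.setAttribute(ATTRIBUTE_NAME, found);
            sc.log("DataSource " + jndiName + " stored as attribute " + ATTRIBUTE_NAME);
        } catch (NamingException e) {
            // Surface the problem at deploy time instead of leaving servlets
            // to find a null attribute on their first request.
            throw new IllegalStateException("JNDI lookup failed for " + jndiName, e);
        }
    }

    public void contextDestroyed(ServletContextEvent event) {
        // A container-managed DataSource is closed by the container, so the
        // listener only drops the shared reference. A pool the listener had
        // created itself would be closed here.
        event.getServletContext().removeAttribute(ATTRIBUTE_NAME);
    }

    // Servlets call this instead of casting the raw attribute themselves.
    public static DataSource from(ServletContext sc) {
        Object value = sc.getAttribute(ATTRIBUTE_NAME);
        if (!(value instanceof DataSource)) {
            throw new IllegalStateException("No DataSource under attribute "
                    + ATTRIBUTE_NAME + "; is the <listener> registered in web.xml?");
        }
        return (DataSource) value;
    }
}
```

A servlet then gets a connection with DataSourceContextListener.from(getServletContext()).getConnection() and closes it after each use.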

FLEX YOUR MIND 

What do you think the mechanism 
might be for making a listener be 
part of a specific web app? 


Hint: how do you tell the Container 
about the other parts of your web 
app? Where might the Container 
discover your listener? 

Tutorial: a simple ServletContextListener 


Now we'll walk through the steps of making and running a 
ServletContextListener. This is just a simple test class so that 
you can see how all the pieces work together; we're not using 
the database connection example because you'd have to set up a 
database to make it work. But the steps are the same regardless of the 
code you put in your listener callback methods. 

In this example, we'll turn a String init parameter into an actual 
object—a Dog. The listener's job is to get the context init parameter 
for the dog's breed (Beagle, Poodle, etc.), then use that String to 
construct a Dog object. The listener then sticks the Dog object into 
a ServletContext attribute, so that the servlet can retrieve it. 

The point is that the servlet now has access to a shared application 
object (in this case a Dog), and doesn't have to read the context 
parameters. Whether the shared object is a Dog or a database 
connection doesn't matter. The key is to use the init parameters to 
create a single object that all parts of the app will share. 


In this example, we'll put a 
Dog into a ServletContext. 


Our Dog example: 

■ The listener object asks the ServletContextEvent 
object for a reference to the app's ServletContext. 

■ The listener uses the reference to the ServletContext 
to get the context init parameter for "breed", which is a 
String representing a dog breed. 

■ The listener uses that dog breed String to construct a 
Dog object. 

■ The listener uses the reference to the ServletContext 
to set the Dog attribute in the ServletContext. 

■ The tester servlet in this web app gets the Dog 
object from the ServletContext, and calls the Dog's 
getBreed() method. 

Making and using a context listener 

Maybe you're still wondering how the Container discovers 
and uses the listener... You configure a listener the same 
way you tell the Container about the rest of your web 
app—through the web.xml Deployment Descriptor! 

To listen for ServletContext events, write a listener 
class that implements ServletContextListener, 
put it in your WEB-INF/classes directory, and tell 
the Container by putting a <listener> element in the 
Deployment Descriptor. 


(1) Create a listener class 

«interface» 
ServletContextListener 
    contextInitialized(ServletContextEvent) 
    contextDestroyed(ServletContextEvent) 

MyServletContextListener (implements ServletContextListener) 
    contextInitialized(ServletContextEvent) 
    contextDestroyed(ServletContextEvent) 

(2) Put the class in WEB-INF/classes 

(This isn't the ONLY place it can go; WEB-INF/classes is one of 
several places the Container can look for classes. We'll cover 
the others in the Deployment chapter.) 

(3) Put a <listener> element in the 
web.xml Deployment Descriptor 

<listener> 
    <listener-class> 
        com.example.MyServletContextListener 
    </listener-class> 
</listener> 

We need three classes and one DD 

For our context listener test example, we need to 
write the classes and the web.xml file. 

For ease of testing, we'll put all of the classes 
in the same package: com.example 

(1) The ServletContextListener 

MyServletContextListener.java 

This class implements ServletContextListener, 
gets the context init parameters, creates the Dog, 
and sets the Dog as a context attribute. 


(2) The attribute class 

Dog.java 

The Dog class is just a plain old Java class. 
Its job is to be the attribute value that the 
ServletContextListener instantiates and sets in 
the ServletContext, for the servlet to retrieve. 


(3) The Servlet 

ListenerTester.java 

This class extends HttpServlet. Its job is to verify 
that the listener worked by getting the Dog 
attribute from the context, invoking getBreed() on 
the Dog, and printing the result to the response 
(so we'll see it in the browser). 

Writing the listener class 

It works just like other types of listeners you might 
be familiar with, such as Swing GUI event handlers. 
Remember, all we need to do is get the context init 
parameters to find out the dog breed, make the Dog 
object, and put the Dog into the context as an attribute. 


«interface» 
ServletContextListener 

MyServletContextListener (implements ServletContextListener) 
    contextInitialized(ServletContextEvent) 
    contextDestroyed(ServletContextEvent) 


package com.example; 

import javax.servlet.*; 

public class MyServletContextListener implements ServletContextListener { 

    public void contextInitialized(ServletContextEvent event) { 

        // Ask the event for the ServletContext. 
        ServletContext sc = event.getServletContext(); 

        // Use the context to get the init parameter. 
        String dogBreed = sc.getInitParameter("breed"); 

        // Make a new Dog. 
        Dog d = new Dog(dogBreed); 

        // Use the context to set an attribute (a name/object pair) 
        // that is the Dog. Now other parts of the app will be able 
        // to get the value of the attribute (the Dog). 
        sc.setAttribute("dog", d); 
    } 

    public void contextDestroyed(ServletContextEvent event) { 
        // nothing to do here 
    } 
} 

We don't need anything in contextDestroyed(). The Dog 
doesn't need to be cleaned up; when the 
context goes away, it means the whole 
app is going down, including the Dog. 

Writing the attribute class (Dog) 

Oh yeah, we need a Dog class: the class representing 
the object we're going to store in the ServletContext, 
after reading the context init parameters. 

Dog 
    Dog(String) 
    getBreed() 


// Nothing special here. Just a plain old Java class. 
package com.example; 

public class Dog { 

    private String breed; 

    public Dog(String breed) { 
        this.breed = breed; 
    } 

    public String getBreed() { 
        return breed; 
    } 
} 


Q: I thought I read somewhere that servlet attributes 
had to be Serializable... 

A: Interesting question. There are several different 
attribute types, and whether the attribute should be 
Serializable only matters with Session attributes. And the 
scenario in which it matters is only if the application is 
distributed across more than one JVM. We'll talk all about that 
in the Sessions chapter. 

There's no technical need to have any attributes (including 
Session attributes) be Serializable, although you might 
consider making all of your attributes Serializable by default, 
unless you have a really good reason NOT to. 

Think about it—are you really certain that nobody will ever 
want to use objects of that type as arguments or return values 
as part of a remote method call? Can you really guarantee that 
anyone who uses this class (Dog, in this case) will never run in 
a distributed environment? 

So, although you aren't required to make any attributes 
Serializable, you probably should if you can. 

Writing the servlet class 

This is the class that tests the ServletContextListener. 
If everything is working right, by the time the 
Servlet's doGet() method runs for the first time, 
the Dog will be waiting as an attribute in the 
ServletContext. 


package com.example; 

import javax.servlet.*; 
import javax.servlet.http.*; 
import java.io.*; 

public class ListenerTester extends HttpServlet { 

    public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException, ServletException { 

        response.setContentType("text/html"); 
        PrintWriter out = response.getWriter(); 

        out.println("test context attributes set by listener<br>"); 
        out.println("<br>"); 

        // Get the Dog from the ServletContext. Don't forget the cast! 
        Dog dog = (Dog) getServletContext().getAttribute("dog"); 

        // If things didn't work, THIS is where we'll find out: we'll get a big fat 
        // NullPointerException if we call getBreed() and there's no Dog. 
        out.println("Dog's breed is: " + dog.getBreed()); 
    } 
} 


Watch it! 

getAttribute() returns 
type Object! You need 
to cast the return! 

But getInitParameter() returns a String. So you 
must cast the return of getAttribute(), but the 
return of getInitParameter() can be assigned 
directly to a String. Don't be fooled by 
exam code that doesn't use a cast: 

Dog d = ctx.getAttribute("dog"); 

(Assume ctx is a ServletContext.) 

Writing the deployment descriptor 

Now we tell the Container that we have a listener for 
this app, using the <listener> element. This element is 
simple; it needs only the class name. That's it. 


<web-app xmlns="http://java.sun.com/xml/ns/j2ee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
    version="2.4"> 

    <servlet> 
        <servlet-name>ListenerTester</servlet-name> 
        <servlet-class>com.example.ListenerTester</servlet-class> 
    </servlet> 

    <servlet-mapping> 
        <servlet-name>ListenerTester</servlet-name> 
        <url-pattern>/ListenTest.do</url-pattern> 
    </servlet-mapping> 

    <!-- The context init parameter the listener needs to construct the Dog. --> 
    <context-param> 
        <param-name>breed</param-name> 
        <param-value>Great Dane</param-value> 
    </context-param> 

    <!-- The <listener> element does NOT go inside a <servlet> element. --> 
    <listener> 
        <listener-class> 
            com.example.MyServletContextListener 
        </listener-class> 
    </listener> 

</web-app> 

Dumb Questions 


Q: Hold on... how are you telling the Container 
that this is a listener for ServletContext events? There 
doesn't seem to be an XML element for <listener-type> 
or anything that says what type of events this listener 
is for. But I noticed you have "ServletContextListener" 
as part of the class name—is that how the Container 
knows? By the naming convention? 

A: No. There's no naming convention. We just did it 
that way to make it painfully clear what kind of a class we 
wrote. The Container figures it out simply by inspecting 
the class and noticing the listener interface (or interfaces; 
a listener can implement more than one listener 
interface). 


Q: Does that mean there are other types of listeners 
in the servlet API? 

A: Yes, there are several other types of listeners that 
we'll talk about in a minute. 

Compile and deploy 

Let's get it all working. The steps are: 

[Diagram: directory tree tomcat > webapps > listenerTest > WEB-INF (web.xml) > classes > com > example (ListenerTester class, Dog class, MyServletContextListener class)] 


(1) Compile the three classes 

They're all in the same package. 


(2) Create a new web app in Tomcat 

■ Create a directory named listenerTest and place it 
inside the Tomcat webapps directory. 

■ Create a directory named WEB-INF and place it 
inside the listenerTest directory. 

■ Put your web.xml file in the WEB-INF directory. 

■ Make a classes directory inside WEB-INF. 

■ Make a directory structure inside classes that 
matches your package structure: a directory called 
com that contains example. 


(3) Copy your three compiled files into your web 
app directory structure in Tomcat 

listenerTest/WEB-INF/classes/com/example/Dog.class 
listenerTest/WEB-INF/classes/com/example/ListenerTester.class 
listenerTest/WEB-INF/classes/com/example/MyServletContextListener.class 


(4) Put your web.xml Deployment Descriptor into 
the WEB-INF directory for this web app 

listenerTest/WEB-INF/web.xml 


(5) Deploy the app by shutting down and 
restarting Tomcat 

Try it out 

Bring up your browser and let's hit the servlet directly. We didn't 
bother making an HTML page, so we'll access the servlet by typing 
in the URL from the servlet mapping in the DD (ListenTest.do). 

http://localhost:8080/listenerTest/ListenTest.do 

    test context attributes set by listener 

    Dog's breed is: Great Dane 

The servlet must have gotten the attribute that was set by the listener. 


Troubleshooting 

If you get a NullPointerException, you didn't get a Dog back 
from getAttribute(). Check the String name used in setAttribute() 
and make sure it matches the String name you're using in 
getAttribute(). 

Recheck your web.xml and make sure the <listener> is registered. 

Try looking at the server logs and see if you can find out if the 
listener is actually being called. 

To make it as confusing as possible, we gave everything a subtly 
different name. We want to make sure you're paying attention to 
how these names are used, and when you name everything the 
same, it's tough to tell how the names affect your app. 

Servlet class name: ListenerTester.class 

Web app directory name: listenerTest 

URL pattern mapped to this servlet: ListenTest.do 

The full story... 

Here's the scenario from start (app initialization) to 
finish (servlet runs). You'll see in step 11 we condensed 
the Servlet initialization into one big step. 

(1) Container reads the Deployment Descriptor 
for this app, including the <listener> and 
<context-param> elements. 

(2) Container creates a new ServletContext 
for this application, that all parts of the 
app will share. 

(3) Container creates a name/value pair of 
Strings for each context init parameter. 
Assume we have only one. 

(4) Container gives the ServletContext 
references to the name/value parameters. 

(5) Container creates a new instance of the 
MyServletContextListener class. 

(6) Container calls the listener's 
contextInitialized() method, passing 
in a new ServletContextEvent. 
The event object has a reference to 
the ServletContext, so the event-handling 
code can get the 
context from the event, 
and get the context 
init parameter from 
the context. 

The story continues... 

(7) Listener asks ServletContextEvent for a 
reference to the ServletContext, by calling getServletContext(). 

(8) Listener asks ServletContext for the 
context init parameter "breed". 

(9) Listener uses the init parameter to 
construct a new Dog object. 

(10) Listener sets the Dog as an attribute in 
the ServletContext, by calling setAttribute("dog", d). 

(11) Container makes a new Servlet (i.e., makes 
a new ServletConfig with init parameters, 
gives the ServletConfig a reference to the 
ServletContext, then calls the Servlet's 
init() method). The new Servlet is an instance of 
ListenerTester.class. 

(12) Servlet gets a request, and asks the 
ServletContext for the attribute "dog", by calling getAttribute("dog"). 

(13) Servlet calls getBreed() on the Dog 
(and prints that to the HttpResponse). 
I just thought of something... 
since attributes can be set 
programmatically (unlike init 
parameters), can I listen for attribute 
events? Like if someone adds or 
replaces a Dog? 


Listeners: not just for 
context events... 

Where there's a lifecycle moment, there's usually a 
listener to hear about it. Besides context events, 
you can listen for events related to context 
attributes, servlet requests and attributes, and 
HTTP sessions and session attributes. 


You don't have to know all 
of the listener API. 

Other than ServletContextListener, you 
really don't need to memorize the methods of 
each of the listener interfaces. But, you DO 
need to know the kinds of events that you can 
listen for. 

The exam objectives are clear: you'll be given a 
scenario (a developer's goal for an application) 
and you'll need to decide which is the right type 
of listener, or whether it's even POSSIBLE to be 
notified of that lifecycle event. 

Note: we don't talk about sessions until the next 
chapter, so don't worry about it if you don't yet 
know what an HTTP session is or why you care. 

Exercise 

Pick the Listener 

Match each scenario with the 
listener interface (at the bottom of the page) 
that supports that goal. Use each interface 
only once. (Yes, we KNOW we haven't looked at 
these yet. See what you can come up with just by 
looking at the names. Answers are on the next 
page, so don't peek!) 


Scenario (write in the listener interface for each): 

■ You want to know if an attribute in a 
web app context has been added, 
removed, or replaced. 

■ You want to know how many concurrent 
users there are. In other words, you 
want to track the active sessions. 

■ You want to know each time a request 
comes in, so that you can log it. 

■ You want to know when a request 
attribute has been added, removed, 
or replaced. 

■ You have an attribute class (a class 
for an object that will be put in an 
attribute) and you want objects of 
this type to be notified when they are 
bound to or removed from a session. 

■ You want to know when a session 
attribute has been added, removed, 
or replaced. 


Choose from these listener interfaces. 
Use each listener only once. 

HttpSessionAttributeListener 
ServletRequestListener 
HttpSessionBindingListener 
HttpSessionListener 
ServletRequestAttributeListener 
ServletContextAttributeListener 

The eight listeners 

Each entry below gives the scenario, the listener interface with its methods, and the event type. 


Scenario: You want to know if an attribute in a 
web app context has been added, removed, or replaced. 
Listener interface: javax.servlet.ServletContextAttributeListener 
    attributeAdded 
    attributeRemoved 
    attributeReplaced 
Event type: ServletContextAttributeEvent 

Scenario: You want to know how many 
concurrent users there are. In other 
words, you want to track the active 
sessions. (We cover sessions in 
detail in the next chapter.) 
Listener interface: javax.servlet.http.HttpSessionListener 
    sessionCreated 
    sessionDestroyed 
Event type: HttpSessionEvent 

Scenario: You want to know each time a 
request comes in, so that you can log it. 
Listener interface: javax.servlet.ServletRequestListener 
    requestInitialized 
    requestDestroyed 
Event type: ServletRequestEvent 

Scenario: You want to know when a 
request attribute has been added, removed, or replaced. 
Listener interface: javax.servlet.ServletRequestAttributeListener 
    attributeAdded 
    attributeRemoved 
    attributeReplaced 
Event type: ServletRequestAttributeEvent 

Scenario: You have an attribute class (a class 
for an object that will be stored as 
an attribute) and you want objects of 
this type to be notified when they are 
bound to or removed from a session. 
Listener interface: javax.servlet.http.HttpSessionBindingListener 
    valueBound 
    valueUnbound 
Event type: HttpSessionBindingEvent 

Scenario: You want to know when a session 
attribute has been added, removed, or replaced. 
Listener interface: javax.servlet.http.HttpSessionAttributeListener 
    attributeAdded 
    attributeRemoved 
    attributeReplaced 
Event type: HttpSessionBindingEvent 
(Watch out for this naming inconsistency! The event for 
HttpSessionAttributeListener is NOT HttpSessionAttributeEvent.) 

Scenario: You want to know if a context has 
been created or destroyed. 
Listener interface: javax.servlet.ServletContextListener 
    contextInitialized 
    contextDestroyed 
Event type: ServletContextEvent 

Scenario: You have an attribute class, and 
you want objects of this type to be 
notified when the session to which 
they're bound is migrating to and 
from another JVM. 
Listener interface: javax.servlet.http.HttpSessionActivationListener 
    sessionDidActivate 
    sessionWillPassivate 
Event type: HttpSessionEvent 
(It's NOT HttpSessionActivationEvent.) 
The HttpSessionBindingListener 


You might be confused about the difference between an 
HttpSessionBindingListener and an HttpSessionAttributeListener. 

Well, not you, but someone you work with. 

A plain old HttpSessionAttributeListener is just a class that wants to know 
when any type of attribute has been added, removed, or replaced in a 
Session. But the HttpSessionBindingListener exists so that the attribute itself 
can find out when it has been added to or removed from a Session. 



package com.example; 

import javax.servlet.http.*; 

// An attribute class: objects of this type are told when they are 
// bound to, or unbound from, a session. 
public class Dog implements HttpSessionBindingListener { 
    private String breed; 

    public Dog(String breed) { 
        this.breed = breed; 
    } 

    public String getBreed() { 
        return breed; 
    } 

    public void valueBound(HttpSessionBindingEvent event) { 
        // code to run now that I know I'm in a session 
    } 

    public void valueUnbound(HttpSessionBindingEvent event) { 
        // code to run now that I know I am no longer part of a session 
    } 
} 

The word "bound" is used to mean "added to", and "unbound" to mean 
"removed from". 



Q: OK. I get how it works. I get that the Dog (an 
attribute that'll be added to a session) wants to know 
when it's in or out of a session. What I don't get is WHY. 

A: If you know anything about Entity beans, then you 
can picture this capability as a kind of "poor man's entity 
bean". If you don't know about entity beans, you should run 
to your nearest bookstore and buy two copies of Head First 
EJB (one for you, one for your significant other so you can 
share special moments discussing it). 

In the meantime, here's a way to think about it—imagine 
the Dog is a Customer class, with each active instance 
representing a single customer's info for name, address, 
order info, etc. The real data is stored in an underlying 
database. You use the database info to populate the fields 
of the Customer object, but the issue is how and when 
do you keep the database record and the Customer info 
synchronized? You know that whenever a Customer object 
is added to a session, it's time to refresh the fields of the 
Customer with this customer's data from his record in the 
database. So the valueBound() method is like a kick that 
says, "Go load me up with fresh data from the database, 
just in case it changed since the last time I was used." Then 
valueUnbound() is a kick that says, "Update the database 
with the value of the Customer object fields." 
listener chart 


Remembering the Listeners 

Do your best to fill in the slots in this table. Keep in mind 
that the listener interfaces and methods follow a consistent 
naming pattern (mostly). 

Answers are at the end of the chapter. 


Attribute listeners 


Other lifecycle listeners 


Methods in all attribute 
listeners (except 
binding listener) 


Lifecycle events related 
to sessions (excluding 
attribute-related events) 


Lifecycle events related 
to requests (excluding 
attribute-related events) 


Lifecycle events related 
to servlet context 
(excluding attribute- 
related events) 




Exercise 


What, exactly, is an attribute? 


We saw how the ServletContext listener created a Dog 
object (after getting the context init parameter) and 
was able to stick (set) the Dog into the ServletContext as 
an attribute, so that other parts of the app could get it. 
Earlier, with the beer tutorial, we saw how the servlet was 
able to stick the results of the call to the model into the 
Request (usually HttpServletRequest) object as 
an attribute (so that the JSP/view could get the 
value). 

An attribute is an object set (referred to as 
bound) into one of three other servlet API 
objects: ServletContext, HttpServletRequest 
(or ServletRequest), or HttpSession. You can 
think of it as simply a name/value pair (where 
the name is a String and the value is an Object) 
in a map instance variable. In reality, we don't know 
or care how it's actually implemented; all we really 
care about is the scope in which the attribute exists. In 
other words, who can see it and how long does it live. 

An attribute is like an 
object pinned to a bulletin 
board. Somebody stuck it 
on the board so that others 
can get it. 

Who can see the 
bulletin board? 
Who can get and 
set the attributes? 

The big questions are: who 
has access to the bulletin 
board, and how long does 
it live? In other words, 
what is the scope of the 
attribute? 
attributes vs. parameters 


Attributes are not parameters! 

If you're new to servlets, you might need to spend some 
time reinforcing the difference between attributes and 
parameters. Rest assured that when we created the exam we 
spent just that little bit of extra time trying to make sure 
we made attribute and parameter questions as confusing 
as possible.* 


Types 
  Attributes: Application/context; Request; Session 
    (There is no servlet-specific attribute; just use an instance variable.) 
  Parameters: Application/context init parameters; Request parameters; 
    Servlet init parameters 
    (No such thing as session parameters!) 

Method to set 
  Attributes: setAttribute(String name, Object value) 
  Parameters: You CANNOT set Application and Servlet init 
    parameters—they're set in the DD, remember? (With Request 
    parameters, you can adjust the query String, but that's different.) 

Return type 
  Attributes: Object 
  Parameters: String 

Method to get 
  Attributes: getAttribute(String name) 
  Parameters: getInitParameter(String name) 


*It's true. If we'd made the exam simple and straightforward 
and easy, you wouldn't feel that sense of pride and 
accomplishment from passing the exam. Making the exam difficult 
enough to ensure that you'd need to buy a study guide in 
order to pass it was never, EVER, a part of our thinking. No, 
seriously. We were just thinking of you. 
The Three Scopes: Context, Request, and Session 




Controller 



Accessible to only those with access to a specific ServletRequest 
attribute scope exercise 



Attribute Scope 

Do your best to fill in the slots in this table. You REALLY need to understand 
attribute scope for the exam (and the real world) because you have to know 
which scope is the best to use for a given scenario. You'll see the answer in a 
few pages, but don't look ahead! If you're going to take the exam, trust us... 
you need to fill this out yourself by taking the time to think it through. 


              Accessibility         Scope                       What it's good for 
              (who can see it)      (how long does it live) 

Context 


HttpSession 


Request 


Attribute API 


The three attribute scopes (context, 
request, and session) are handled by 
the ServletContext, ServletRequest, 
and HttpSession interfaces. The API 
methods for attributes are exactly the 
same in every interface. 


Object getAttribute(String name) 
void setAttribute(String name, Object value) 
void removeAttribute(String name) 
Enumeration getAttributeNames() 


Context 


Request 


Session 


«interface» ServletContext 

    getInitParameter(String) 
    getInitParameterNames() 
    getAttribute(String) 
    setAttribute(String, Object) 
    removeAttribute(String) 
    getAttributeNames() 
    getMajorVersion() 
    getServerInfo() 
    getRealPath(String) 
    getResourceAsStream(String) 
    getRequestDispatcher(String) 
    log(String) 
    // MANY more methods... 


«interface» ServletRequest 

    getContentType() 
    getParameter(String) 
    getAttribute(String) 
    setAttribute(String, Object) 
    removeAttribute(String) 
    getAttributeNames() 
    // MANY more methods... 


«interface» HttpServletRequest 

    getContextPath() 
    getCookies() 
    getHeader(String) 
    getQueryString() 
    getSession() 
    // MANY more methods... 


«interface» HttpSession 

    getAttribute(String) 
    setAttribute(String, Object) 
    removeAttribute(String) 
    getAttributeNames() 
    setMaxInactiveInterval(int) 
    getId() 
    getLastAccessedTime() 
    // MANY more methods... 

attribute strangeness 


The dark side of attributes... 


Kim decides to test out attributes. He sets an attribute 
and then immediately gets the value of the attribute and 
displays it in the response. His doGet() looks like this: 


public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                   throws IOException, ServletException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    out.println("test context attributes<br>"); 

    getServletContext().setAttribute("foo", "22"); 
    getServletContext().setAttribute("bar", "42"); 

    out.println(getServletContext().getAttribute("foo")); 
    out.println(getServletContext().getAttribute("bar")); 
} 


Here's what he sees the first time he runs it. 
It's exactly what he expected. 


But then something goes horribly wrong... 

The second time he runs it, he's shocked to see: 




FLEX YOUR MIND 

Look closely at the code, and think about 
what's happening. Do you see anything that 
could explain the problem? 


You might not have enough info to solve the 
mystery, so here’s another clue: Kim put this 
code in a test servlet that’s part of a larger 
test web app. In other words, the servlet that 
holds this doGet() method was deployed as 
part of a larger app. 

Now can you figure it out? 

Can you think of how he might fix it? 
context scope and thread-safety 



Context scope isn't thread-safe! 

That's the problem. 

Remember, everyone in the app has access to 
context attributes, and that means multiple 
servlets. And multiple servlets means you 
might have multiple threads, since requests are 
concurrently handled, each in a separate thread. 
This happens regardless of whether the requests 
are coming in for the same or different servlets. 


[Figure: Thread A (Client A), Thread B, and Thread C (Client C) all 
access the same Context Attributes: "foo" = 22, "bar" = 42.] 


Yikes! Another servlet that is part of the 
same web app, running in a separate thread, 
can set the "bar" attribute. 

And that's not all: the Container might 
launch another thread for Servlet A to 
handle a third client. 


The problem in slow motion... 

Here's what happened to Kim's test servlet. 


(1) Servlet A sets the context attribute 
"foo" with a value of "22". 


(2) Servlet A sets the context attribute 
"bar" with a value of "42". 


(3) Thread B becomes the running thread (thread 
A goes back to Runnable-but-not-Running), and 
sets the context attribute "bar" with a value 
of "16". (The 42 is now gone.) 


getServletContext().setAttribute("foo", "22"); 
getServletContext().setAttribute("bar", "42"); 


In between when the value of "bar" was set and when 
the value of "bar" was read, another thread set 
"bar" to a different value. 


out.println(getServletContext().getAttribute("foo")); 
out.println(getServletContext().getAttribute("bar")); 


So by the time servlet A 
printed the value of "bar", it 
had been changed to "16". 
threads and context attributes 


How do we make context 
attributes thread-safe? 


Let's hear what some of the other 
developers have to say... 


"I'm thinking I could 
synchronize the doGet() 
method, but that doesn't 
really feel right. But I don't 
know what else to do." 


"The spec says you're on your own 
if you need to protect attributes. 
Why force you to have all that 
synchronization overhead if you don't need it? 
Of course some Web Containers do implement 
that synchronization anyway, but there's no 
guarantee so you better be careful." 


"Synchronizing on the 
doGet() means kissing your 
concurrency goodbye. If you 
synchronize doGet(), it means 
that servlet can handle only 
ONE client at a time!" 


"Why didn't the 
Servlet spec developers 
just synchronize the get and 
set attribute methods in 
ServletContext, to make 
the attributes thread-safe?" 


194 chapter 5 


Synchronizing the service method is 
a spectacularly BAD idea 


OK, so we know that synchronizing the service method 
will kill our concurrency, but it does give you the thread 
protection, right? Take a look at this legal code, and decide 
whether it would prevent the problem Kim had with the 
context attribute being changed by another servlet... 


public synchronized void doGet(HttpServletRequest request, HttpServletResponse response) 
                                   throws IOException, ServletException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    out.println("test context attributes<br>"); 

    getServletContext().setAttribute("foo", "22"); 
    getServletContext().setAttribute("bar", "42"); 

    out.println(getServletContext().getAttribute("foo")); 
    out.println(getServletContext().getAttribute("bar")); 
} 


"This can't work! 
Well, it's legal as a 
servlet, but I don't see 
how this will fix the 
problem..." 


What do you think? Will it fix 
the problem Kim had? Look 
back at the code and the 
diagrams if you're not sure. 
don't synchronize the service method 


Synchronizing the service method 
won't protect a context attribute! 


Synchronizing the service method means that only one thread 
in a servlet can be running at a time... but it doesn't stop other 
servlets or JSPs from accessing the attribute! 

Synchronizing the service method would stop other threads 
from the same servlet from accessing the context attributes, 
but it won't do anything to stop a completely different servlet. 


[Figure: Client C and Servlet A, with the two annotations below.] 


If you synchronize the service 
method, you WILL stop the 
Container from starting any 
other methods for new requests 
coming into servlet A. So this 
WILL protect the context 
attributes from being accessed 
[...] running a service method of 
Servlet A. 


But you won't do anything 
to stop OTHER servlets! 
Regardless of whether the 
service methods in other 
servlets are synchronized 
or not, it still means 
other parts of the app 
[...] attributes. 


You don't need a lock on the servlet... 
you need the lock on the context! 


The typical way to protect the context attribute is to 
synchronize ON the context object itself. If everyone 
accessing the context has to first get the lock on the context 
object, then you're guaranteed that only one thread at a 
time can be getting or setting the context attribute. But... 
there's still an if there. It only works if all of the other code that 
manipulates the same context attributes ALSO synchronizes on the 
ServletContext. If code doesn't ask for the lock, then that code 
is still free to hit the context attributes. But if you're designing 
the web app, then you can decide to make everyone ask for the 
lock before accessing the attributes. 


public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                   throws IOException, ServletException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    out.println("test context attributes<br>"); 

    // Lock the context itself, not the servlet 
    synchronized(getServletContext()) { 
        getServletContext().setAttribute("foo", "22"); 
        getServletContext().setAttribute("bar", "42"); 

        out.println(getServletContext().getAttribute("foo")); 
        out.println(getServletContext().getAttribute("bar")); 
    } 
} 


Expect to see lots of 
code about thread-safety 


On the exam, you'll see plenty of code showing 
different strategies for making attributes 
thread-safe. You'll have to decide if the code 
works, given a particular goal. Just because 
the code is legal (compiles and runs), doesn't 
mean it'll solve the problem. 
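
The three locking strategies discussed above (no lock, a lock on the servlet, a lock on the context), as an added example that is not from the book: a plain-Java simulation in which a shared map stands in for the ServletContext attributes and a second thread stands in for another servlet in the same web app. The class name, the Strategy enum, and the 300 ms pause are assumptions made for the demonstration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

public class ContextLockDemo {

    /** Which monitor (if any) servlet A holds while it sets and reads the attributes. */
    enum Strategy { NO_LOCK, LOCK_SERVLET, LOCK_CONTEXT }

    // Stand-in (assumption) for the ServletContext attribute store shared by the whole app.
    static final Map<String, Object> context = new ConcurrentHashMap<>();

    // Stand-in (assumption) for servlet A's instance, which a synchronized doGet() would lock.
    static final Object servletA = new Object();

    /** Runs one request through "servlet A" and returns the value of "bar" it read back. */
    static Object runScenario(Strategy strategy) throws InterruptedException {
        context.clear();
        CountDownLatch aHasSet = new CountDownLatch(1);
        CountDownLatch bHasSet = new CountDownLatch(1);

        // "Servlet B": another component of the same app, running in its own thread.
        // It cooperates with the app-wide rule by asking for the context lock first.
        Thread threadB = new Thread(() -> {
            try {
                aHasSet.await();
                synchronized (context) {
                    context.put("bar", "16");
                }
                bHasSet.countDown();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        threadB.start();

        Object seen;
        switch (strategy) {
            case LOCK_SERVLET:
                // Equivalent to a synchronized doGet(): locks servlet A, not the context.
                synchronized (servletA) {
                    seen = setThenGet(aHasSet, bHasSet);
                }
                break;
            case LOCK_CONTEXT:
                // The fix from the page: lock the shared context object itself.
                synchronized (context) {
                    seen = setThenGet(aHasSet, bHasSet);
                }
                break;
            default:
                seen = setThenGet(aHasSet, bHasSet);
        }
        threadB.join();
        return seen;
    }

    // The body of Kim's doGet(): set "foo" and "bar", then read "bar" back.
    static Object setThenGet(CountDownLatch aHasSet, CountDownLatch bHasSet)
            throws InterruptedException {
        context.put("foo", "22");
        context.put("bar", "42");
        aHasSet.countDown();
        // Give thread B a window to run between the set and the get.
        // If B is blocked on the context lock, this simply times out.
        bHasSet.await(300, TimeUnit.MILLISECONDS);
        return context.get("bar");
    }

    public static void main(String[] args) throws InterruptedException {
        for (Strategy s : Strategy.values()) {
            System.out.println(s + ": servlet A reads bar = " + runScenario(s));
        }
    }
}
```

Only the LOCK_CONTEXT run reads back the value servlet A wrote; in the other two runs thread B's write lands between the set and the get. If thread B skipped its own synchronized block, the LOCK_CONTEXT run would fail the same way, which is the "if" the page warns about.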
session attributes and thread-safety 


Are Session attributes thread-safe? 

Think about it. 

We haven't talked about HTTP sessions in detail yet (we will 
in the Sessions chapter), but you already know that a session 
is an object used to maintain conversational state with a 
client. The session persists across multiple requests from the same 
client. But it's still just one client we're talking about. 

And if it's one client, and a single client can be in only 
one request at a time, doesn't that automatically mean that 
sessions are thread-safe? In other words, even if multiple 
servlets are involved, at any given moment there's only one 
request from that particular client... so there's only one 
thread operating on that session at a time. Right? 


[Figure: Request A / Thread A and Request B / Thread B (Servlet B) 
both reach the same Session Attributes; a JSP View is also shown.] 


Even though both servlets can access the Session attributes 
in separate threads, each thread is a separate request. So it 
looks safe. 

Unless... 

Can you think of a scenario in which there could be more 
than one request at the same time, from the same client? 

What do you think? Are session attributes 
guaranteed thread-safe? 


What's REALLY true about attributes 
and thread-safety? 


Listen in as our two black-belts discuss the 
issues around protecting the state of attributes 
from multithreading problems. 



We know that context attributes are inherently NOT 
safe, because all pieces of the app can access context 
attributes, from any request (which means any 
thread). 

Yes master. And I know that synchronizing the service 
method is not a solution, because although it will stop 
that servlet from servicing more than one request at 
a time, it will NOT stop other servlets and JSPs in the 
same web app from accessing the context. 


Very good. Now what about Session attributes. Are 
they safe? 


Yes master. They are for only one client, and the laws 
of physics prevent a client from making more than 
one request at a time. 


You have much to learn, grasshopper. You do not 
know the truth about session attributes. Meditate on 
this before speaking again. 

But master, I have meditated and still I do not know 
how one client could have more than one request... 

You must think outside the Container. 
Color outside the lines. Run with scissors. 


Very wise advice, master! I have it! The client could 
open a new browser window! So the Container can 
still use the same session for a client, even though it's 
coming from a different instance of the browser? 

Yes! The Container can see the request from the 
second window as coming from the same session. 

So Session attributes are not thread-safe, and they, too, 
must be protected. I will meditate on this... 

And how would you protect these session attributes 
from the havoc of multiple threads? 

Ah... I must synchronize the part of my code that 
accesses the session attributes. Just the way we did for 
the context attributes. 

That is good, yes, but synchronize on what? 

I must synchronize on the HttpSession! 
synchronize on the session 


Protect session attributes by 
synchronizing on the HttpSession 


Look at the technique we used to protect the context 
attributes. What did we do? 

You can do the same thing with session attributes, by 
synchronizing on the HttpSession object! 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                   throws IOException, ServletException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    out.println("test session attributes<br>"); 

    HttpSession session = request.getSession(); 

    // This time we synchronize on the HttpSession object, 
    // to protect the session attributes 
    synchronized(session) { 
        session.setAttribute("foo", "22"); 
        session.setAttribute("bar", "42"); 

        out.println(session.getAttribute("foo")); 
        out.println(session.getAttribute("bar")); 
    } 
} 


Dumb Questions 


Q: ... is that really a possibility... that 
a client will open another browser window? 

A: Of course it is. Surely you've done this yourself 
without a second thought—opened a second window 
because you were tired of waiting for the other one to 
respond, or because you minimized one, or misplaced the 
window without realizing it, etc. The point is, you can't 
take the chance if you need thread safety for your session 
variables. You have to know that it's quite possible for a 
session-scoped attribute to be used by more than one 
thread at a time. 


Q: Isn't it a bad idea to synchronize code, because it 
causes a lot of overhead and hurts concurrency? 

A: You should ALWAYS think carefully before 
synchronizing any code, because you're right—it does 
add some expense in checking, acquiring, and releasing 
locks. If you need protection, then use synchronization but 
remember the standard rule of all forms of locking: keep 
the lock for the shortest amount of time to accomplish 
your goal! In other words, don't synchronize the code that 
doesn't access the protected state. Make your synchronized 
block as small as possible. Get the lock, get in, get what 
you need, and get the heck out so the lock can release and 
other threads can run that code. 
SingleThreadModel is designed to 
protect instance variables 

Here's what the servlet specification says about the 
SingleThreadModel (or STM) interface: 


    Ensures that servlets handle only one request at a time. 
    This interface has no methods. If a servlet implements 
    this interface, you are guaranteed that no two threads 
    will execute concurrently in the servlet's service method. 
    The servlet container can make this guarantee by 
    synchronizing access to a single instance of the servlet, 
    or by maintaining a pool of servlet instances and 
    dispatching each new request to a free servlet. 

(Here's the key part: the guarantee that no two threads will 
execute concurrently in the servlet's service method.) 


But how does the web container guarantee a 
servlet gets only one request at a time? 


[Figure: class diagram. MyServlet extends HttpServlet and implements 
the «interface» SingleThreadModel. Your servlet should extend 
HttpServlet, but can also implement the SingleThreadModel interface.] 


The web container vendor has a choice. The container 
can maintain a single servlet, but queue every request and 
process one request completely before allowing the next 
request to proceed. Or the container can create a pool of 
servlet instances and process each request concurrently, 
one per servlet instance. 

Which STM strategy do you think is better? 


Queue all requests 


Send requests through a pool 


request queueing or servlet pooling 


Which is the better STM implementation? 

Once again we must consult our black belts. 

These guys must know the score on the best STM 
implementation. Let's see them battle it out... 


Queue all requests                Send requests through a pool 

Queuing the requests to a single servlet makes the 
most sense. It clearly implements what the spec 
writers intended. 

But master, won't performance be impacted? Surely, 
queuing each request prevents multiple users from 
access to the same servlet? 


Yes, but that is the only way to protect the instance 
variables of the servlet. 


But master, the container may also create a pool of 
servlet instances. Then the container can process 
one request with one servlet instance and another 
request with a second instance. Each request is 
handled in parallel. 


Ahh, you see deeply into the fortune cookie, my 
student, but you do not see just how deadly that 
fortune might be... 


You speak in riddles, master. What could possibly go 
wrong with the pooling strategy? 


The servlet spec defines that a single servlet 
declaration in the deployment descriptor becomes 
a single object instance at runtime, but now using 
the STM interface, this definition is no longer 
valid. Can you imagine a scenario in which having 
multiple servlet instances fails? 


Hmm, what if one of the instance variables is meant 
to record how many requests have been processed. 
The counter variable would have several different 
counts, and none of them would be right... only the 
summation of them is correct. 


YES! You have penetrated the depth of the ruse 
that is servlet pooling. The semantics of the "single 
servlet instance" definition is lost. The servlet has 
lost touch with reality. 


Q: What's up? Why is the servlet spec so wishy-washy? 

A: The specification writers wanted to give the container 
vendors the opportunity to compete with each other in 
terms of performance and flexibility. 


Q: How do I know which strategy my vendor uses? 

A: Well, hopefully it is written down in some part of the 
documentation for the web container. If not, you should 
contact your container vendor, and ask them. 


Q: How will the STM strategy change how I write my 
servlet code? 

A: If the container uses a queuing strategy, then the 
"single servlet instance" semantics still hold and you do not 
need to make any code changes. But if the container uses 
a pooling strategy, then the semantics of some instance 
variables might change. For example, if you have an instance 
variable that holds a "request counter," then that variable no 
longer can be counted on when multiple servlet instances 
are created in the pool. In this case, you could choose to 
make the counter variable a class variable instead. 


Q: But are class variables thread-safe? 

A: No, they are not, and the STM mechanism does not 
help with class variables. Yes, it protects instance variables 
from concurrent access, but by pooling multiple instances 
the semantics of the servlet changes. Furthermore, STM does 
not help with other variable or attribute scopes. You are on 
your own... 


Q: So what good is using the SingleThreadModel? 

A: None, really. Which is why STM has been deprecated 
from the servlet API! 


You do not need to 
know about these 
container STM strategies 
for the exam. 

Sharpen your pencil 

Place a checkmark next to the things that are 
NOT thread-safe. (We did the first one.) 

☑ Context-scoped attributes 

□ Session-scoped attributes 

□ Request-scoped attributes 

□ Instance variables in the servlet 

□ Local variables in service methods 

□ Static variables in the servlet 


you are here ► 203 








request attributes are thread-safe 


Only Request attributes and local 
variables are thread-safe! 


That's it! (We include method parameters when we say 
"local variables".) Everything else is subject to manipulation 
by multiple threads, unless you do something to stop it. 

Dun] r (Sue ?st ions 




So instance variables aren't thread-safe? 


A: 

That's right. If you have multiple clients making requests on that
servlet, that means multiple threads running that servlet code. And all
threads have access to the servlet's instance variables, so instance
variables aren't thread-safe.

Q: But they WOULD be thread-safe if you implemented the
SingleThreadModel, right?

A: Yes, because you'd never have more than one thread for that servlet,
so the instance variables would be thread-safe. But of course nobody
would ever allow you into the servlets club ever again.

Q: I was just talking hypothetically. As in, "if someone WERE stupid
enough to implement SingleThreadModel..." Not that I would ever do it.
But while we're being hypothetical... if I have a friend who, say,
synchronizes the service method, wouldn't that ALSO make the instance
variables thread-safe?

A: Yes. But your friend would be an idiot. The effect of implementing
SingleThreadModel is virtually the same as synchronizing the service
method. Both can bring a web app to its knees without protecting the
session and context state.

Q: But if you're not supposed to use SingleThreadModel or synchronize
the service method, then how DO you make instance variables thread-safe?

A: You don't! Look at a well written servlet, and chances are you won't
find any instance variables. Or at least any that are non-final. (And
since you're a Java programmer you know that even a final variable can
still be manipulated unless it's immutable.)

So just don't use instance variables if you need thread-safe state,
because all threads for that servlet can step on instance variables.

Q: Then what SHOULD you use if you need multiple instances of the
servlet to share something?

A: Stop right there! You said "multiple instances of the servlet". We
know you didn't mean that, because there is always only ONE instance of
the servlet. One instance, many threads.

If you want all the threads to access a value, decide which attribute
state makes the most sense, and store the value in an attribute. Chances
are, you can solve your problems in one of two ways:

1) Declare the variable as a local variable within the service method,
rather than as an instance variable.

OR

2) Use an attribute in the most appropriate scope.

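The "one instance, many threads" point above, as an added plain-Java illustration that is not code from the book. The Handler interface, the three handler classes, countCrossTalk() and the "userN" values are hypothetical stand-ins for a servlet's service method and its concurrent clients; no Container is needed to run it.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class OneInstanceManyThreads {

    /** Hypothetical stand-in for a servlet's service method. */
    interface Handler {
        String service(String user);
    }

    /** Request state in a non-final instance variable: shared by every thread. */
    static class InstanceVarHandler implements Handler {
        private String currentUser;

        public String service(String user) {
            currentUser = user;               // this request writes the field...
            pause();                          // ...does some work (model call, I/O)...
            return "Hello, " + currentUser;   // ...then reads whatever was written last
        }
    }

    /** A final field does not help when the object it refers to is mutable. */
    static class FinalButMutableHandler implements Handler {
        private final String[] slot = new String[1];

        public String service(String user) {
            slot[0] = user;
            pause();
            return "Hello, " + slot[0];
        }
    }

    /** Option 1 from the text: a local variable lives on the calling thread's stack. */
    static class LocalVarHandler implements Handler {
        public String service(String user) {
            String currentUser = user;
            pause();
            return "Hello, " + currentUser;
        }
    }

    /** Simulates the time a request spends between writing and reading its state. */
    static void pause() {
        try {
            Thread.sleep(2);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Sends concurrent calls through ONE handler instance and counts how many
     * callers were answered with some other caller's data.
     */
    static int countCrossTalk(final Handler handler, int requests) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(16);
        List<Future<Boolean>> results = new ArrayList<>();
        try {
            for (int i = 0; i < requests; i++) {
                final String user = "user" + i;   // constructed sample input
                Callable<Boolean> request =
                        () -> !handler.service(user).equals("Hello, " + user);
                results.add(pool.submit(request));
            }
            int leaked = 0;
            for (Future<Boolean> result : results) {
                if (result.get()) {
                    leaked++;
                }
            }
            return leaked;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        int n = 200;
        System.out.println("instance variable : "
                + countCrossTalk(new InstanceVarHandler(), n) + " of " + n + " leaked");
        System.out.println("final but mutable : "
                + countCrossTalk(new FinalButMutableHandler(), n) + " of " + n + " leaked");
        System.out.println("local variable    : "
                + countCrossTalk(new LocalVarHandler(), n) + " of " + n + " leaked");
    }
}
```

The two instance-variable handlers normally report many leaked responses, which in a real web app means one client seeing another client's data; the local-variable handler cannot leak because no other thread can reach its stack.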
Request attributes and Request dispatching

Request attributes make sense when you want some other component of the
app to take over all or part of the request. Our typical, simple example
is an MVC app that starts with a servlet controller, but ends with a
JSP view. The controller communicates with the model, and gets back data
that the view needs in order to build the response. There's no reason to
put the data in a context or session attribute, since it applies only to
this request, so we put it in the request scope.

So how do we make another part of the component take over the request?
With a RequestDispatcher.


// code in a doGet()

BeerExpert be = new BeerExpert();
ArrayList result = be.getBrands(c);

// put model data into Request scope
request.setAttribute("styles", result);

// get a dispatcher for the view JSP
RequestDispatcher view =
    request.getRequestDispatcher("result.jsp");

// tell the JSP to take over the request
view.forward(request, response);


(1) The Beer servlet calls the getBrands() method on the model that
returns some data that the view needs.
[Diagram: Controller calls getBrands() on the model object, which
returns "Moose Drool".]

(2) The servlet sets a Request attribute named "styles". (First it puts
"Moose Drool" into an ArrayList.)
[Diagram: Controller calls setAttribute("styles", results) on the
HttpRequest.]

(3) The servlet asks the HttpRequest for a RequestDispatcher, passing in
a relative path to the view JSP.
[Diagram: Controller calls getRequestDispatcher() on the HttpRequest.]

(4) The servlet calls forward() on the RequestDispatcher, to tell the
JSP to take over the request. (Not shown: the JSP gets the forwarded
request, and gets the "styles" attribute from the Request scope.)
[Diagram: Controller calls forward(request, response) on the
RequestDispatcher.]

RequestDispatcher revealed

RequestDispatchers have only two methods: forward() and include(). Both
take the request and response objects (which the component you're
forwarding to will need to finish the job). Of the two methods, forward
is by far the most popular. It's very unlikely you'll use the include
method from a controller servlet; however, behind the scenes the include
method is being used by JSPs in the <jsp:include> standard action (which
we'll review in chapter 8). You can get a RequestDispatcher in two ways:
from the request or from the context. Regardless of where you get it,
you have to tell it the web component to which you're forwarding the
request. In other words, the servlet or JSP that'll take over.

«interface»
RequestDispatcher

forward(ServletRequest, ServletResponse)
include(ServletRequest, ServletResponse)

javax.servlet.RequestDispatcher


Getting a RequestDispatcher from a ServletRequest

RequestDispatcher view = request.getRequestDispatcher("result.jsp");

The getRequestDispatcher() method in ServletRequest takes a String path
for the resource to which you're forwarding the request. If the path
starts with a forward slash ("/"), the Container sees that as "starting
from the root of this web app". If the path does NOT start with a
forward slash, it's considered relative to the original request. But you
can't try to trick the Container into looking outside the current web
app. In other words, just because you have lots of "../../../" doesn't
mean it'll work if it takes you past the root of your current web app!


Getting a RequestDispatcher from a ServletContext

RequestDispatcher view = getServletContext().getRequestDispatcher("/result.jsp");

Like the equivalent method in ServletRequest, this getRequestDispatcher()
method takes a String path for the resource to which you're forwarding
the request, EXCEPT you cannot specify a path relative to the current
resource (the one that received this request). That means you must start
the path with a forward slash!

You MUST use the forward slash with the getRequestDispatcher() method of
ServletContext.


Calling forward() on a RequestDispatcher

view.forward(request, response);

Simple. The RequestDispatcher you got from your context or request knows
the resource you're forwarding to: the resource (servlet, JSP) you
passed as the argument to getRequestDispatcher(). So you're saying, "Hey,
RequestDispatcher, please forward this request to the thing I told you
about earlier (in this case, a JSP), when I first got you. And here's
the request and response, because that new thing is going to need them
in order to finish handling the request."

What's wrong with this code?

What do you think? Does this RequestDispatcher code look like it will
work the way you'd expect?

public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {

    response.setContentType("application/jar");

    ServletContext ctx = getServletContext();
    InputStream is = ctx.getResourceAsStream("bookCode.jar");

    int read = 0;
    byte[] bytes = new byte[1024];

    OutputStream os = response.getOutputStream();
    while ((read = is.read(bytes)) != -1) {
        os.write(bytes, 0, read);
    }
    // (Assume that all this works)

    os.flush();

    RequestDispatcher view = request.getRequestDispatcher("result.jsp");
    view.forward(request, response);
    os.close();
}


You'll get a big, fat IllegalStateException!

You can't forward the request if you've already committed a response!

And by "committed a response" we mean, "sent the response to the
client". Look at the code again. The big problem is:

os.flush();

That's the line that causes the response to be sent to the client, and
at that point, this response is DONE. Finished. OVER. You can't possibly
forward the request at this point. You've already responded, and you get
only one shot at this.

So don't be fooled if you see questions on the exam that forward a
request AFTER a response is sent. The Container will throw an
IllegalStateException.
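One way to avoid the forward-after-commit failure described above, as an added example that is not code from the book: decide whether the servlet streams or forwards before anything is written, and check isCommitted() before calling forward(). The class name, the constants and the forwardIfUncommitted() helper are hypothetical, and "/bookCode.jar" is an assumed location inside the web app.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CodeDownloadServlet extends HttpServlet {   // hypothetical class name

    private static final String JAR_PATH = "/bookCode.jar";   // assumed location in the web app
    private static final String VIEW_PATH = "/result.jsp";    // context-relative, so it starts with "/"

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {

        InputStream is = getServletContext().getResourceAsStream(JAR_PATH);
        if (is == null) {
            // Nothing has been written yet, so the response is uncommitted
            // and handing the request to the view is still legal.
            forwardIfUncommitted(request, response, VIEW_PATH);
            return;
        }

        // From here on this servlet owns the response: stream it, never forward.
        try {
            response.setContentType("application/jar");
            OutputStream os = response.getOutputStream();
            byte[] bytes = new byte[1024];
            int read;
            while ((read = is.read(bytes)) != -1) {
                os.write(bytes, 0, read);   // can commit on its own once the buffer fills
            }
            os.flush();                      // commits the response for certain
        } finally {
            is.close();
        }
    }

    /** Forwards only while the response can still be handed off. */
    private void forwardIfUncommitted(HttpServletRequest request,
                                      HttpServletResponse response,
                                      String path)
            throws IOException, ServletException {
        if (response.isCommitted()) {
            // forward() would throw IllegalStateException here; record it instead.
            log("response already committed; not forwarding to " + path);
            return;
        }
        RequestDispatcher view = getServletContext().getRequestDispatcher(path);
        if (view == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        view.forward(request, response);
    }
}
```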


Q: How come you didn't talk about the RequestDispatcher include()
method?

A: It's not on the exam, for one thing. For another, we already
mentioned that it's not used much in the real world. But to satisfy your
curiosity, the include() method sends the request to something else
(typically another servlet) to do some work and then come back to the
sender! In other words, include() means asking for help in handling the
request, but it's not a complete hand-off. It's a temporary, rather than
permanent transfer of control. With forward(), you're saying, "That's it,
I'm not doing anything else to process this request and response." But
with include(), you're saying, "I want someone else to do some things
with the request and/or response, but when they're done, I want to
finish handling the request and response myself (although I might decide
to do another include or forward after that...)".
Exercise: Remembering the Listeners

ANSWERS

Attribute listeners
    ServletRequestAttributeListener
    ServletContextAttributeListener
    HttpSessionAttributeListener

Other lifecycle listeners
    ServletRequestListener
    ServletContextListener
    HttpSessionListener
    HttpSessionBindingListener
    HttpSessionActivationListener

Methods in all attribute listeners (except binding listener)
    attributeAdded()
    attributeRemoved()
    attributeReplaced()

Lifecycle events related to sessions (excluding attribute-related
events): when the session is created, and when it's destroyed
    sessionCreated()
    sessionDestroyed()

Lifecycle events related to requests (excluding attribute-related
events): when the request is initialized or destroyed
    requestInitialized()
    requestDestroyed()

Lifecycle events related to servlet context (excluding attribute-related
events): when the context is initialized or destroyed
    contextInitialized()
    contextDestroyed()

Exercise: Attribute Scope

ANSWERS

Context (NOT thread-safe!)
    Accessibility (who can see it): Any part of the web app including
    servlets, JSPs, ServletContextListeners,
    ServletContextAttributeListeners.
    Scope (how long does it live): Lifetime of the ServletContext, which
    means life of the deployed app. If server or app goes down, the
    Context is destroyed (along with its attributes).
    What it's good for: Resources you want the entire application to
    share, including database Connections, JNDI lookup names, email
    addresses, etc.

HttpSession (NOT thread-safe!)
    Accessibility (who can see it): Any servlet or JSP with access to
    this particular session. Remember, a session extends beyond a single
    client request to span multiple requests by the same client, which
    could go to different servlets.
    Scope (how long does it live): The life of the session. A session
    can be destroyed programmatically or can simply time-out. (We'll go
    into the details in the Session Management chapter.)
    What it's good for: Data and resources related to this client's
    session, not just a single request. Something that requires an
    ongoing Conversation with the client. A shopping cart is a typical
    example.

Request (Thread-safe)
    Accessibility (who can see it): Any part of the application that has
    direct access to the Request object. That means only the Servlets
    and JSPs to which the request is forwarded using a
    RequestDispatcher. Also Request-related listeners.
    Scope (how long does it live): The life of the Request, which means
    until the Servlet's service() method completes. In other words, for
    the life of the thread (stack) handling this request.
    What it's good for: Passing model info from the Controller to the
    view, or any other data specific to a single client request.

Code Magnets

ANSWERS

(configuring a context parameter in the DD)

<web-app ...

<init-param> is used for servlet init parameters, not Context init
parameters. You find <init-param> ONLY inside a <servlet> element.

There's no such thing as <servlet-param>.

1   When using a RequestDispatcher, the use of which methods can often
    lead to an IllegalStateException? (Choose all that apply.)

    □ A. read
    □ B. flush
    □ C. write
    □ D. getOutputStream
    □ E. getResourceAsStream

2   Which statements about ServletContext initialization parameters are
    true? (Choose all that apply.)

    □ A. They should be used for data that changes rarely.
    □ B. They should be used for data that changes frequently.
    □ C. They can be accessed using ServletContext.getParameter(String)
    □ D. They can be accessed using ServletContext.getInitParameter(String)
    □ E. They should be used for data that is specific to a particular
         servlet.
    □ F. They should be used for data that is applicable to an entire
         web application.

mock exam

3   Which types define the methods getAttribute() and setAttribute()?
    (Choose all that apply.)

    □ A. HttpSession
    □ B. ServletRequest
    □ C. ServletResponse
    □ D. ServletContext
    □ E. ServletConfig
    □ F. SessionConfig

4   If a servlet is invoked using the forward or include method of
    RequestDispatcher, which methods of the servlet's request object can
    access the request attributes set by the container? (Choose all that
    apply.)

    □ A. getCookies()
    □ B. getAttribute()
    □ C. getRequestPath()
    □ D. getRequestAttribute()
    □ E. getRequestDispatcher()

5   Which calls provide information about initialization parameters that
    are applicable to an entire web application? (Choose all that apply.)

    □ A. ServletConfig.getInitParameters()
    □ B. ServletContext.getInitParameters()
    □ C. ServletConfig.getInitParameterNames()
    □ D. ServletContext.getInitParameterNames()
    □ E. ServletConfig.getInitParameter(String)
    □ F. ServletContext.getInitParameter(String)


6   Which statements about listeners are true? (Choose all that apply.)

    □ A. A ServletResponseListener can be used to perform an action
         when a servlet response has been sent.
    □ B. An HttpSessionListener can be used to perform an action when
         an HttpSession has timed out.
    □ C. A ServletContextListener can be used to perform an action
         when the servlet context is about to be shut down.
    □ D. A ServletRequestAttributeListener can be used to perform an
         action when an attribute has been removed from a
         ServletRequest.
    □ E. A ServletContextAttributeListener can be used to perform an
         action when the servlet context has just been created and is
         available to service its first request.

7   Which is most logically stored as an attribute in session scope?

    □ A. A copy of a query parameter entered by a user.
    □ B. The result of a database query to be returned immediately to a
         user.
    □ C. A database connection object used by all web components of the
         system.
    □ D. An object representing a user who has just logged into the
         system.
    □ E. A copy of an initialization parameter retrieved from a
         ServletContext object.

8   Given this code from an otherwise valid HttpServlet that has also
    been registered as a ServletRequestAttributeListener:

    public void doGet(HttpServletRequest req,
                      HttpServletResponse res)
            throws IOException, ServletException {
        req.setAttribute("a", "b");
        req.setAttribute("a", "c");
        req.removeAttribute("a");
    }
    public void attributeAdded(ServletRequestAttributeEvent ev) {
        System.out.print(" A:" + ev.getName() + "->" + ev.getValue());
    }
    public void attributeRemoved(ServletRequestAttributeEvent ev) {
        System.out.print(" M:" + ev.getName() + "->" + ev.getValue());
    }
    public void attributeReplaced(ServletRequestAttributeEvent ev) {
        System.out.print(" P:" + ev.getName() + "->" + ev.getValue());
    }

    What logging output is generated?

    □ A. A:a->b P:a->b
    □ B. A:a->b M:a->c
    □ C. A:a->b P:a->b M:a->c
    □ D. A:a->b P:a->b P:a->null
    □ E. A:a->b M:a->b A:a->c M:a->c
    □ F. A:a->b M:a->b A:a->c P:a->null

9   When declaring a listener in the DD, which sub-elements of the
    <listener> element are required? (Choose all that apply.)

    □ A. <description>
    □ B. <listener-name>
    □ C. <listener-type>
    □ D. <listener-class>
    □ E. <servlet-mapping>

10  Which types of objects can store attributes? (Choose all that apply.)

    □ A. ServletConfig
    □ B. ServletResponse
    □ C. RequestDispatcher
    □ D. HttpServletRequest
    □ E. HttpSessionContext

11  Which are true? (Choose all that apply.)

    □ A. When a web application is preparing to shutdown, the order of
         listener notification is not guaranteed.
    □ B. When listener-friendly events occur, listener invocation order
         is not predictable.
    □ C. The container registers listeners based on declarations in the
         deployment descriptor.
    □ D. Only the container can invalidate a session.

12  Which statements about RequestDispatcher are true (where applicable,
    assume the RequestDispatcher was not obtained via a call to
    getNamedDispatcher())? (Choose all that apply.)

    □ A. A RequestDispatcher can be used to forward a request to another
         servlet.
    □ B. The only method in the RequestDispatcher interface is
         forward().
    □ C. Parameters specified in the query string used to create a
         RequestDispatcher are not forwarded by the forward() method.
    □ D. The servlet to which a request is forwarded may access the
         original query string by calling getQueryString() on the
         HttpServletRequest.
    □ E. The servlet to which a request is forwarded may access the
         original query string by calling
         getAttribute("javax.servlet.forward.query_string") on the
         ServletRequest.

13  What is the recommended way to deal with servlets and thread safety?

    □ A. Write the servlet code to extend ThreadSafeServlet
    □ B. Have the servlet implement SingleThreadModel
    □ C. Log all servlet method calls.
    □ D. Use local variables exclusively, and if you have to use instance
         variables, synchronize access to them.

14  Given the following methods:

    - getCookies
    - getContextPath
    - getAttribute

    Match the methods above to the following classes or interfaces. Note
    that each method can be used more than once.

    HttpSession ........
    ServletContext ........
    HttpServletRequest ........

15  Which are true about the RequestDispatcher interface? (Choose all
    that apply.)

    □ A. Of its two methods, forward() is used most frequently.
    □ B. Its methods take the following arguments: a resource, a request,
         and a response.
    □ C. Depending on the class whose method creates a
         RequestDispatcher, the path to the resource to be forwarded to
         will change.
    □ D. Regardless of the class whose method creates a
         RequestDispatcher, the path to the resource to be forwarded to
         will NOT change.
    □ E. If your servlet invokes RequestDispatcher.forward, it can send
         its own response to the client before, but not after the
         invocation of forward.

1   When using a RequestDispatcher, the use of which methods can often
    lead to an IllegalStateException? (Choose all that apply.)

    □ A. read
    ☑ B. flush
    □ C. write
    □ D. getOutputStream
    □ E. getResourceAsStream

    -An IllegalStateException is caused when a response has already been
    "committed" to the client (the flush method does that), and then you
    attempt a forward.

2   Which statements about ServletContext initialization parameters are
    true? (Choose all that apply.)

    ☑ A. They should be used for data that changes rarely.
    □ B. They should be used for data that changes frequently.
    □ C. They can be accessed using ServletContext.getParameter(String)
    ☑ D. They can be accessed using ServletContext.getInitParameter(String)
    □ E. They should be used for data that is specific to a particular
         servlet.
    ☑ F. They should be used for data that is applicable to an entire
         web application.

    -Option B is incorrect because ServletContext init parameters are
    only read at Container start-up time.
    -Option C is incorrect because this method does not exist.
    -Option E is incorrect because there is only one ServletContext
    object per web application.

3   Which types define the methods getAttribute() and setAttribute()?
    (Choose all that apply.)

    ☑ A. HttpSession
    ☑ B. ServletRequest
    □ C. ServletResponse
    ☑ D. ServletContext
    □ E. ServletConfig
    □ F. SessionConfig

4   If a servlet is invoked using the forward or include method of
    RequestDispatcher, which methods of the servlet's request object can
    access the request attributes set by the container? (Choose all that
    apply.)

    □ A. getCookies
    ☑ B. getAttribute
    □ C. getRequestPath
    □ D. getRequestAttribute
    □ E. getRequestDispatcher

    -Option B is the correct method. With it you can access the
    Container-populated javax.servlet.forward.xxx and
    javax.servlet.include.xxx attributes.
    -Options C and D refer to methods that don't exist.

5   Which calls provide information about initialization parameters that
    are applicable to an entire web application? (Choose all that apply.)

    □ A. ServletConfig.getInitParameters()
    □ B. ServletContext.getInitParameters()
    □ C. ServletConfig.getInitParameterNames()
    ☑ D. ServletContext.getInitParameterNames()
    □ E. ServletConfig.getInitParameter(String)
    ☑ F. ServletContext.getInitParameter(String)

    -Options A and B are incorrect because these methods do not exist.
    -Options C and E are incorrect because they provide access to
    servlet-specific initialization parameters.

6   Which statements about listeners are true? (Choose all that apply.)

    □ A. A ServletResponseListener can be used to perform an action
         when a servlet response has been sent.
    ☑ B. An HttpSessionListener can be used to perform an action when
         an HttpSession has timed out.
    ☑ C. A ServletContextListener can be used to perform an action
         when the servlet context is about to be shut down.
    ☑ D. A ServletRequestAttributeListener can be used to perform an
         action when an attribute has been removed from a
         ServletRequest.
    □ E. A ServletContextAttributeListener can be used to perform an
         action when the servlet context has just been created and is
         available to service its first request.

    -Option A is incorrect because there is no ServletResponseListener
    interface.
    -Option E is incorrect because a ServletContextListener would be
    used for this purpose.

7   Which is most logically stored as an attribute in session scope?

    □ A. A copy of a query parameter entered by a user.
    □ B. The result of a database query to be returned immediately to a
         user.
    □ C. A database connection object used by all web components of the
         system.
    ☑ D. An object representing a user who has just logged into the
         system.
    □ E. A copy of an initialization parameter retrieved from a
         ServletContext object.

    -Option B is incorrect because such data is typically either
    immediately returned or stored in request scope.
    -Option C is incorrect because (since it is not specific to a
    particular session) it should be stored in Context scope.
    -Option E is incorrect because servlet Context parameters should
    stay with the ServletContext object.

8   Given this code from an otherwise valid HttpServlet that has also
    been registered as a ServletRequestAttributeListener:

    public void doGet(HttpServletRequest req,
                      HttpServletResponse res)
            throws IOException, ServletException {
        req.setAttribute("a", "b");
        req.setAttribute("a", "c");
        req.removeAttribute("a");
    }
    public void attributeAdded(ServletRequestAttributeEvent ev) {
        System.out.print(" A:" + ev.getName() + "->" + ev.getValue());
    }
    public void attributeRemoved(ServletRequestAttributeEvent ev) {
        System.out.print(" M:" + ev.getName() + "->" + ev.getValue());
    }
    public void attributeReplaced(ServletRequestAttributeEvent ev) {
        System.out.print(" P:" + ev.getName() + "->" + ev.getValue());
    }

    What logging output is generated?

    □ A. A:a->b P:a->b
    □ B. A:a->b M:a->c
    ☑ C. A:a->b P:a->b M:a->c
    □ D. A:a->b P:a->b P:a->null
    □ E. A:a->b M:a->b A:a->c M:a->c
    □ F. A:a->b M:a->b A:a->c P:a->null

    -Tricky! The getValue method returns the OLD value of the attribute
    if the attribute was replaced.

9   When declaring a listener in the DD, which sub-elements of the
    <listener> element are required? (Choose all that apply.)

    □ A. <description>
    □ B. <listener-name>
    □ C. <listener-type>
    ☑ D. <listener-class>
    □ E. <servlet-mapping>

    -The <listener-class> sub-element is the ONLY required sub-element
    of the <listener> element.


10  Which types of objects can store attributes? (Choose all that apply.)
    (API)

    □ A. ServletConfig
    □ B. ServletResponse
    □ C. RequestDispatcher
    ☑ D. HttpServletRequest
    □ E. HttpSessionContext

    -Options A, B, and C are invalid because these types do not store
    attributes.
    -Option E is invalid because there is no such type.
    Note: The other two types related to servlets that can store
    attributes are HttpSession and ServletContext.

11  Which are true? (Choose all that apply.)

    □ A. When a web application is preparing to shutdown, the order of
         listener notification is not guaranteed.
    □ B. When listener-friendly events occur, listener invocation order
         is not predictable.
    ☑ C. The container registers listeners based on declarations in the
         deployment descriptor.
    □ D. Only the container can invalidate a session.

    -Options A and B are incorrect because the Container uses the DD to
    determine the order of registered listeners.
    -Option D is incorrect because a servlet can invalidate a session
    using the HttpSession.invalidate() method.

12  Which statements about RequestDispatcher are true (where applicable,
    assume the RequestDispatcher was not obtained via a call to
    getNamedDispatcher())? (Choose all that apply.)

    ☑ A. A RequestDispatcher can be used to forward a request to another
         servlet.
    □ B. The only method in the RequestDispatcher interface is
         forward().
    □ C. Parameters specified in the query string used to create a
         RequestDispatcher are not forwarded by the forward() method.
    □ D. The servlet to which a request is forwarded may access the
         original query string by calling getQueryString() on the
         HttpServletRequest.
    ☑ E. The servlet to which a request is forwarded may access the
         original query string by calling
         getAttribute("javax.servlet.forward.query_string") on the
         ServletRequest.

    -Option B is incorrect because the interface also contains an
    include method.
    -Option C is incorrect because such parameters are forwarded in this
    case.
    -Option D is incorrect because this method returns the query string
    on the URL pattern from the RequestDispatcher.

13  What is the recommended way to deal with servlets and thread safety?

    □ A. Write the servlet code to extend ThreadSafeServlet
    □ B. Have the servlet implement SingleThreadModel
    □ C. Log all servlet method calls.
    ☑ D. Use local variables exclusively, and if you have to use instance
         variables, synchronize access to them.

    -Options A and B are incorrect because ... deprecated in version 2.4
    and not recommended.

14  Given the following methods: (API)

    - getCookies
    - getContextPath
    - getAttribute

    Match the methods above to the following classes or interfaces. Note
    that each method can be used more than once.

    HttpSession ........
    ServletContext ........
    HttpServletRequest ........

    At this point this shouldn't really be about memorization as much as
    about what methods would make sense in each scope.

15  Which are true about the RequestDispatcher interface? (Choose all
    that apply.) (API)

    ☑ A. Of its two methods, forward() is used most frequently.
    □ B. Its methods take the following arguments: a resource, a request,
         and a response.
    ☑ C. Depending on the class whose method creates a
         RequestDispatcher, the path to the resource to be forwarded to
         will change.
    □ D. Regardless of the class whose method creates a
         RequestDispatcher, the path to the resource to be forwarded to
         will NOT change.
    □ E. If your servlet invokes RequestDispatcher.forward, it can send
         its own response to the client before, but not after the
         invocation of forward.

    -Option B: the resource is specified at object ...
    -Option E: If your servlet uses an RD, it can never send its own
    response.

6 session management

Conversational state

Web servers have no short-term memory. As soon as they send you a
response, they forget who you are. The next time you make a request,
they don't recognize you. In other words, they don't remember what
you've requested in the past, and they don't remember what they've sent
you in response. Nothing. Sometimes that's fine. But sometimes you need
to keep conversational state with the client across multiple requests. A
shopping cart wouldn't work if the client had to make all his choices
and then checkout in a single request. You'll find a surprisingly simple
solution in the Servlet API.

official Sun exam objectives

Session Management

4.1 Write servlet code to store objects into a session object and
    retrieve objects from a session object.

4.2 Given a scenario describe the APIs used to access the session
    object, explain when the session object was created, and describe
    the mechanisms used to destroy the session object, and when it was
    destroyed.

4.3 Using session listeners, write code to respond to an event when an
    object is added to a session, and write code to respond to an event
    when a session object migrates from one VM to another.

4.4 Given a scenario, describe which session management mechanism the
    Web container could employ, how cookies might be used to manage
    sessions, how URL rewriting might be used to manage sessions, and
    write servlet code to perform URL rewriting.

Coverage Notes:

All four of the exam objectives on session management are covered
completely in this chapter (although some of these topics were touched
on in the previous chapter). This chapter is your one chance to learn
and memorize these topics, so take your time.

Kim wants to keep client-specific state across multiple requests

Right now, the business logic in the model simply checks the parameter
from the request and gives back a response (the advice). Nobody in the
app remembers anything that went on with this client prior to the
current request.

What he has NOW:

import java.util.ArrayList;

public class BeerExpert {

    public ArrayList getBrands(String color) {
        ArrayList brands = new ArrayList();
        // pick the brands from the color parameter of the current request only
        if (color.equals("amber")) {
            brands.add("Jack Amber");
            brands.add("Red Moose");
        } else {
            brands.add("Jail Pale Ale");
            brands.add("Gout Stout");
        }
        return brands;
    }
}

What he WANTS:

The model (the business logic) has to figure out whether it has enough
information to make a recommendation (in other words, to give final
advice), and if it doesn't, it has to give back the next question to ask
the user.

public class BeerExpert {

    public NextResponse getAdvice(String answer) {
        // Process client answer by looking at
        // ALL of the client's previous answers, as well
        // as the answer from the current request.

        // if there's enough info, return final advice,
        // else, return the next question to ask
    }
}

It's supposed to work like a REAL conversation...

How can he track the client's answers?

Kim's design won't work unless he can keep track of everything the
client has already said during the conversation, not just the answer in
the current request. He needs the servlet to get the request parameters
representing the client's choices, and save it somewhere. Each time the
client answers a question, the advice engine uses all of that client's
previous answers to come up with either another question to ask, or a
final recommendation.

What are some options?

Use a stateful session enterprise javabean

Sure, he could do that. He could have his servlet become a client to a
stateful session bean, and each time a request comes in he could locate
that client's stateful bean. There are a lot of little issues to work
out, but yes, you can certainly use a stateful session bean to store
conversational state.

But that's way too much overhead (overkill) for this app! Besides, Kim's
hosting provider doesn't have a full J2EE server with an EJB Container.
He's got Tomcat (a web Container) and that's it.

Use a database

This would work too. His hosting provider does allow access to MySQL, so
he could do it. He could write the client's data to a database... but
this is nearly as much of a runtime performance hit as an enterprise
bean would be, possibly more. And way more than he needs.

Use an HttpSession

But you already knew that. We can use an HttpSession object to hold the
conversational state across multiple requests. In other words, for an
entire session with that client.

(Actually, Kim would still have to use an HttpSession even if he did
choose another option such as a database or session bean, because if the
client is a web browser, Kim still needs to match a specific client with
a specific database key or session bean ID, and as you'll see in this
chapter, the HttpSession takes care of that identification.)

An HttpSession object can hold conversational state across multiple
requests from the same client. In other words, it persists for an entire
session with a specific client. We can use it to store everything we get
back from the client in all the requests the client makes during a
session.

How sessions work


1. Diane selects "Dark"
   and hits the submit
   button.

   The Container sends the
   request to a new thread of
   the BeerApp servlet.

   The BeerApp thread finds the
   session associated with Diane, and
   stores her choice ("Dark") in the
   session as an attribute.


2. The servlet runs its business logic (including
   calls to the model) and returns a response... in
   this case another question, "What price range?"


3. Diane considers the new
   question on the page,
   selects "Expensive" and
   hits the submit button.

   The Container sends the
   request to a new thread of
   the BeerApp servlet.

   The BeerApp thread finds
   the session associated with
   Diane, and stores her new
   choice ("Expensive") in the
   session as an attribute
   by calling setAttribute().


   Same client
   Same servlet
   Different request
   Different thread
   Same session

4. The servlet runs its business logic
   (including calls to the model) and
   returns a response... in this case
   another question.


Meanwhile, imagine ANOTHER client goes to the beer site...


5. Diane's session is still
   active, but meanwhile
   Terri selects "Pale" and
   hits the submit button.

   The Container sends Terri's
   request to a new thread of
   the BeerApp servlet.

   The BeerApp thread starts
   a new Session for Terri, and
   calls setAttribute() to store
   her choice ("Pale").


   We don't want Terri and
   Diane's answers mixed up,
   so they each need their own
   separate session object.


   Different client
   Same servlet
   Different request
   Different thread
   Different session
recognizing the client


One problem... how does the Container
know who the client is?

The HTTP protocol uses stateless connections. The client
browser makes a connection to the server, sends the request,
gets the response, and closes the connection. In other words,
the connection exists for only a single request/response.

Because the connections don't persist, the Container doesn't
recognize that the client making a second request is the same
client from a previous request. As far as the Container's
concerned, each request is from a new client.

I'm sorry, but I don't
remember you. I'm sure we've
shared good times together,
but we'll have to start over.


How will the Container
recognize it's Diane and not
Terri? HTTP is stateless,
so each request is a new
connection...


Dumb Questions

Q: Why can't the Container just use the IP address of
the client? It's part of the request, right?

A: Oh, the Container can get the IP address of the
request, but does that uniquely identify the client? If you're
on a local IP network, you have a unique IP address, but
chances are, that's not the IP address the outside world
sees. To the server, your IP address is the address of the
router, so you have the same IP address as everybody else
on that network! So that wouldn't help. You'd have the
same problem: the stuff Jim puts in his shopping cart
might end up in Pradeep's cart, and vice versa. So no, IP
address isn't a solution for uniquely identifying a specific
client on the internet.


Q: Well then how about security info? If the user
is logged in, and the connection is secure (HTTPS), the
Container knows EXACTLY who the client is, right?


A: Yes, if the user is logged in and the connection is
secure, the Container can identify the client and associate
him with a session. But that's a big if. Most good web site
design says, "don't force the user to log in until it really
matters, and don't switch on security (HTTPS) until it really
matters." If your users are just browsing, even if they're
adding items to a shopping cart, you probably don't
want the overhead (for you or the user) of having them
authenticate to the system until they decide to checkout!
So, we need a mechanism to link a client to a session that
doesn't require a securely authenticated client. (We'll go
into security details in the... wait for it... Security chapter.)
The client needs a unique session ID

The idea is simple: on the client's first request, the Container
generates a unique session ID and gives it back to the client
with the response. The client sends back the session ID
with each subsequent request. The Container sees the
ID, finds the matching session, and associates the session with
the request.


Client: "Hey server, here's my first request with the parameter
"dark". Can we start a conversation?"

Container: "Yes, but I'm state-challenged and won't remember you,
so I'm giving you a unique session ID. You MUST give that back to
me each time you make a request, so I'll know it's you."

(Request: "dark". Response: ID# 42. The Container now holds a
new session, ID# 42, with "dark" stored in it.)


Client: "Here's my second request, with the parameter "ale".
My ID# is 42... do you remember me?"

Container: "Let's see... #42... oh there you are! Yes, I remember
you now. Last time you said that you liked "dark" beer..."

(Request: "ale", ID# 42. The Container finds session #42.)
the joy of cookies


How do the Client and Container
exchange Session ID info?

Somehow, the Container has to get the session ID to the
client as part of the response, and the client has to send back
the session ID as part of the request. The simplest and most
common way to exchange the info is through cookies.


Cookies


"Set-Cookie" is just another
header sent in the response (HTTP Response):

    Set-Cookie: JSESSIONID=0AAB6C8DE415


"Cookie" is another header
sent in the request:

    Cookie: JSESSIONID=0AAB6C8DE415

The best part: the Container does
virtually all the cookie work!


You do have to tell the Container that you want to create or use
a session, but the Container takes care of generating the session
ID, creating a new Cookie object, stuffing the session ID into the
cookie, and setting the cookie as part of the response. And on
subsequent requests, the Container gets the session ID from a cookie
in the request, matches the session ID with an existing session, and
associates that session with the current request.


Sending a session cookie in the RESPONSE:

    HttpSession session = request.getSession();


That's it. Somewhere in your service method you ask for a
session, and everything else happens automatically.

You don't make the new HttpSession object yourself.

You don't generate the unique session ID.

You don't make the new Cookie object.

You don't associate the session ID with the cookie.

You don't set the Cookie into the response
(under the Set-Cookie header).

All the cookie work happens behind the scenes.


Getting the session ID from the REQUEST:

    HttpSession session = request.getSession();


Look familiar? Yes, it's exactly the same method used to generate
the session ID and cookie for the response!

IF (the request includes a session ID cookie)

    find the session matching that ID

ELSE IF (there's no session ID cookie OR there's no current
session matching the session ID)

    create a new session.

All the cookie work happens behind the scenes.
checking for a session


What if I want to know whether the session
already existed or was just created?

Good question. The no-arg request method, getSession(), returns a session
regardless of whether there's a pre-existing session. Since you always get an
HttpSession instance back from that method, the only way to know if the
session is new is to ask the session.

public void doGet(HttpServletRequest request, HttpServletResponse response)
                                     throws IOException, ServletException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("test session attributes<br>");

    HttpSession session = request.getSession();

    // Ask the session itself whether it is new.
    if (session.isNew()) {
        out.println("This is a new session.");
    } else {
        out.println("Welcome back!");
    }
}


Q: You get a session by calling request.getSession(),
but is that the only way to get the session? Can't you get
it from the ServletContext?

A: You get a session from the request object because—
think about it—the session is identified by the request.
When you call getSession() on the Container you're saying,
"I want a session for THIS client... either the session that
matches the session ID this client sent, or a new one. But
in either case, the session is for the client associated with this
request."

But there is another way that you can get a session... from
a session event object. Remember, a listener class isn't a
servlet or JSP—it's just a class that wants to know about
the events. For example, the listener might be an attribute
trying to find out when it (the attribute object) was added
to or removed from a session.

The event-handling methods defined by the listener
interfaces related to sessions take an argument of type
HttpSessionEvent, or its subclass, HttpSessionBindingEvent.
And HttpSessionEvent has a getSession() method!

So, if you implement any of the four listener interfaces
related to sessions (we'll get to that later in the chapter),
you can access the session through the event-handling
callback methods. For example, this code is from a class
that implements the HttpSessionListener interface:


public void sessionCreated(HttpSessionEvent event) {
    HttpSession session = event.getSession();
    // event handling code
}
What if I want ONLY a pre-existing session?

You might have a scenario in which a servlet wants to use only a previously-
created session. It might not make sense for the checkout servlet, for example,
to start a new session.

So there's an overloaded getSession(boolean) method just for that purpose. If
you don't want to create a new session, call getSession(false), and you'll get
either null, or a pre-existing HttpSession.

The code below calls getSession(false), then tests whether the return value was
null. If it was null, the code outputs a message and then creates a new session.

public void doGet(HttpServletRequest request, HttpServletResponse response)
                                     throws IOException, ServletException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("test sessions<br>");

    // Passing "false" means the method returns a pre-existing session,
    // or null if there was no session associated with this client.
    HttpSession session = request.getSession(false);

    // Now we can test for whether there was already a session
    // (the no-arg getSession() would NEVER return null).
    if (session == null) {
        out.println("no session was available");
        out.println("making one...");
        session = request.getSession();   // Here we know we're making a new session.
    } else {
        out.println("there was a session!");
    }
}


Q: Isn't the code above just a stupid, inefficient way
to do the same thing as the opposite page? In the end,
you still created a new session.

A: You're right. The code above is just for testing how
the two different versions of getSession() work. In the real
world, the only time you'd want to use getSession(false) is
if you do NOT want to create a new session. If your goal is
to create a new session, but still respond differently if you
know this is a new (versus pre-existing) session, then use
the no-arg getSession() method, and simply ask the session
if it's new using the HttpSession isNew() method.


Q: So it looks like getSession(true) is exactly the
same as getSession()...


A: Right again. The no-arg version is a convenience
for those times when you know that you always want a
session, new or existing. The version that takes a boolean is
useful when you know that you don't want a new session,
or when the decision of whether to make a new session
happens at runtime (and you're passing a variable into the
getSession(someBoolean) method).
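
The lookup behind getSession() and getSession(false), modelled in plain Java as an added example (it is not code from the book or from any Container). The Session and Container classes, their fields and the printed labels are stand-ins invented for illustration; in a servlet the Container hands you an HttpSession instead.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Added illustration: how a Container could resolve getSession(). Not Tomcat's code. */
public class SessionLookupDemo {

    /** Hypothetical stand-in for HttpSession: an ID, attributes, and the "new" flag. */
    static class Session {
        final String id;
        final Map<String, Object> attributes = new HashMap<>();
        boolean isNew = true;              // stays true until the client sends the ID back
        Session(String id) { this.id = id; }
    }

    /** Hypothetical stand-in for the Container's table of live sessions. */
    static class Container {
        private final Map<String, Session> sessions = new HashMap<>();
        private final SecureRandom random = new SecureRandom();

        /** IDs are random and long, so one client cannot guess another client's ID. */
        private String newSessionId() {
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            StringBuilder hex = new StringBuilder();
            for (byte b : raw) hex.append(String.format("%02X", b));
            return hex.toString();
        }

        /**
         * cookieId is the JSESSIONID value taken from the request's Cookie header, or null.
         * create=true models getSession(); create=false models getSession(false).
         */
        Session getSession(String cookieId, boolean create) {
            Session existing = (cookieId == null) ? null : sessions.get(cookieId);
            if (existing != null) {
                existing.isNew = false;    // the client has joined the session
                return existing;
            }
            if (!create) return null;      // no ID, or an ID this Container never issued
            // A client-supplied ID is never adopted: a new session always gets a new ID.
            Session fresh = new Session(newSessionId());
            sessions.put(fresh.id, fresh);
            return fresh;                  // its ID goes out in a Set-Cookie header
        }
    }

    public static void main(String[] args) {
        Container container = new Container();

        // No cookie yet: a checkout-style servlet calling getSession(false) gets null.
        System.out.println("getSession(false), no cookie: " + container.getSession(null, false));

        // Diane's first answer: getSession() creates the session.
        Session diane = container.getSession(null, true);
        diane.attributes.put("color", "Dark");
        System.out.println("Diane isNew on first request: " + diane.isNew);

        // Diane's browser returns the cookie: same session, no longer new.
        Session again = container.getSession(diane.id, true);
        again.attributes.put("price", "Expensive");
        System.out.println("same session: " + (again == diane) + ", isNew: " + again.isNew
                + ", attributes: " + again.attributes);

        // Terri sends no cookie, so she gets her own session and never sees Diane's answers.
        Session terri = container.getSession(null, true);
        terri.attributes.put("color", "Pale");
        System.out.println("Terri shares Diane's session: " + (terri == diane));

        // A constructed ID the Container never issued finds nothing.
        System.out.println("unknown ID, getSession(false): "
                + container.getSession("0000000000000000", false));
    }
}
```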
when cookies fail


See...this all sounds
nice but, uh, NEWS FLASH—
anybody with half a brain disables
cookies. How do you do sessions
if you can't use cookies?



You can do sessions even if the client
doesn't accept cookies, but you have
to do a little more work...


We don't agree that anybody with half a brain disables
cookies. In fact, most browsers do have cookies enabled,
and everything's wonderful. But there's no guarantee.

If your app depends on sessions, you need a different way
for the client and Container to exchange session ID info.
Lucky for you, the Container can handle a cookie-refusing
client, but it takes a little more effort from you.

If you use the session code on the previous pages (calling
getSession() on the request) the Container tries to use
cookies. If cookies aren't enabled, it means the client
will never join the session. In other words, the session's
isNew() method will always return true.


A client with cookies disabled will ignore
"Set-Cookie" response headers
URL rewriting: something to fall back on


If the client won't take cookies, you can use URL rewriting as a
backup. Assuming you do your part correctly, URL rewriting will always
work: the client won't care that it's happening and won't
do anything to prevent it. Remember the goal is for the
client and Container to exchange session ID info. Passing
cookies back and forth is the simplest way to exchange
session IDs, but if you can't put the ID in a cookie, where
can you put it? URL rewriting takes the session ID that's in
the cookie and sticks it right onto the end of every URL that comes
in to this app.


Imagine a web page where every link has a little bit of extra info (the
session ID) tacked onto the end of the URL. When the user clicks
that "enhanced" link, the request goes to the Container with that
extra bit on the end, and the Container simply strips off the extra
part of the request URL and uses it to find the matching session.


HTTP Response: We add the session ID to the end
of all the URLs in the HTML we
send back in the Response.
URL rewriting kicks in ONLY if cookies fail
and ONLY if you tell the response to encode the URL


If cookies don't work, the Container falls back to URL rewriting, but only
if you've done the extra work of encoding all the URLs you send in the
response. If you want the Container to always default to using cookies first,
with URL rewriting only as a last resort, you can relax. That's exactly how it
works (except for the first time, but we'll get to that in a moment). But if you
don't explicitly encode your URLs, and the client won't accept cookies,
you don't get to use sessions. If you do encode your URLs, the Container
will first attempt to use cookies for session management, and fall back to URL
rewriting only if the cookie approach fails.


public void doGet(HttpServletRequest request, HttpServletResponse response)
                                              throws IOException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    HttpSession session = request.getSession();   // get a session

    out.println("<html><body>");
    // encodeURL() adds the extra session ID info to this URL
    out.println("<a href=\"" + response.encodeURL("/BeerTest.do")
                + "\">click me</a>");
    out.println("</body></html>");
}


Q: Wait a minute... how DOES the Container know
that cookies aren't working? At what point does the
Container decide to use URL rewriting?

A: A really dumb Container doesn't care whether cookies
work or not—the dumb Container will always attempt
to send the cookie AND do URL rewriting each time, even
if cookies are working. But here's how a decent Container
handles it:

When the Container sees a call to getSession(), and the
Container didn't get a session ID with the client's request,
the Container now knows that it must attempt to start a
new session with the client. At this point, the Container
doesn't know if cookies will work, so with this first response
back to the client, it tries BOTH cookies and URL rewriting.


Q: Why can't it try cookies first... and do URL rewriting
on the next response if it doesn't get back a cookie?


A: Remember, if the Container doesn't get a session ID
from the client, the Container won't even KNOW that this is
the next request from that client. The Container won't have
any way to know that it tried cookies the last time, and
they didn't work. Remember, the ONLY way the Container
can recognize that it has seen this client before is if the
client sends a session ID!

So, when the Container sees you call request.getSession(),
and realizes it needs to start a new session with this client,
the Container sends the response with both a "Set-Cookie"
header for the session ID, and the session ID appended to
the URLs (assuming you used response.encodeURL()).

Now imagine the next request from this client—it will
have the session ID appended to the request URL, but if
the client accepts cookies, the request will ALSO have a
session ID cookie. When the servlet calls request.getSession(),
the Container reads the session ID from the request,
finds the session, and thinks to itself, "This client accepts
cookies, so I can ignore the response.encodeURL() calls. In
the response, I'll send a cookie since I know that works, and
there's no need for any URL rewriting, so I won't bother..."
URL rewriting works with sendRedirect()


You have a scenario in which you want to redirect the
request to a different URL, but you still want to use a session.
There's a special URL encoding method just for that:

    response.encodeRedirectURL("/BeerTest.do")


Q: What about all my static HTML pages... they are full of <a
href> links. How do I do URL rewriting on those static pages?

A: You can't! The only way to use URL rewriting is if ALL the
pages that are part of a session are dynamically-generated! You
can't hard-code session IDs, obviously, since the ID doesn't exist
until runtime. So, if you depend on sessions, you need URL rewriting
as a fall back strategy. And since you need URL rewriting, you have
to dynamically generate the URLs in the response HTML! And that
means you have to process the HTML at runtime.

Yes, this is a performance issue. So you must think very carefully
about the places where sessions matter to your app, and whether
sessions are critical to have or merely good to have.


URL rewriting is automatic...
but only if you encode your
URLs. YOU have to run all your
URLs through a method of the
response object (encodeURL() or
encodeRedirectURL()) and the
Container does everything else.


Q: You said that to use URL rewriting, pages must be
dynamically-generated, so does this mean I can do it with JSPs?


A: Yes! You can do URL rewriting in a JSP, and there's even a
simple JSTL tag that makes it easy, <c:url>, that you'll see when
you get to the chapter on using custom tags.

Q: Is URL rewriting handled in a vendor-specific way?


A: Yes, URL rewriting is handled in a vendor-specific way. Tomcat
uses a semicolon to append the extra info to the URL. Another
vendor might use a comma or something else. And while Tomcat
adds "jsessionid=" in the rewritten URL, another vendor might
append only the session ID itself. The point is, whatever the Container
uses as the separator is recognized by the Container when a request
comes in. So when the Container sees the separator that it uses (in
other words, the separator that it added during URL rewriting), it
knows that everything after that is "extra info" that the Container
put there. In other words, the Container knows how to recognize
and parse the extra stuff it (the Container) appended to the URL.


URL encoding is
handled by the
Response!


Don't forget that the encodeURL()
method is something you call on your
HttpServletResponse object! You don't call
it on the request, or on your context, or your
session object. Just remind yourself that
URL encoding is all about the response.
Don't be fooled by a request parameter
"jsessionid" or a "JSESSIONID" header.

You don't ever use "jsessionid" yourself. If you see a "jsessionid" request
parameter, somebody's doing something wrong. You should never see this:

    String sessionID = request.getParameter("jsessionid");

And you shouldn't see a custom "jsessionid" header in a request or response:

    POST /select/selectBeerTaste.do HTTP/1.1
    User-Agent: Mozilla/5.0
    JSESSIONID: 0AAB6C8DE415       <-- Don't do this! It's supposed to be a header!

In fact, the ONLY place a "jsessionid" belongs is inside a cookie header:

    POST /select/selectBeerTaste.do HTTP/1.1
    User-Agent: Mozilla/5.0
    Cookie: JSESSIONID=0AAB6C8DE415

or appended to the end of a URL as "extra info":

    POST /select/selectBeerTaste.do;jsessionid=0AAB6C8DE415


■ URL rewriting adds the session ID to the end of all the URLs in the
HTML that you write to the response.

■ The session ID then comes back with the request as "extra" info at
the end of the request URL.

■ URL rewriting will happen automatically if cookies don't work with
the client, but you have to explicitly encode all of the URLs you
write.

■ To encode a URL, call response.encodeURL(aString)

    out.println("<a href=\""
                + response.encodeURL("/BeerTest.do")
                + "\">click me</a>");

■ There's no way to get automatic URL rewriting with your static
pages, so if you depend on sessions, you must use dynamically-
generated pages.
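
An added sketch, not Tomcat's code, of the semicolon-style rewriting described above: what an encodeURL()-like call appends, and how the Container finds and strips the ID on the next request. The extractSessionId and stripSessionId helpers, the idCameFromCookie flag and the sample URLs are assumptions made for illustration.

```java
/** Added illustration of Tomcat-style ";jsessionid=" URL rewriting. Not Tomcat's code. */
public class UrlRewritingDemo {

    static final String MARKER = ";jsessionid=";

    /**
     * Models response.encodeURL(): append the ID only when the request did not
     * arrive with a session cookie (the first response of a session, or a
     * cookie-refusing client). idCameFromCookie is a hypothetical flag.
     */
    static String encodeURL(String url, String sessionId, boolean idCameFromCookie) {
        if (sessionId == null || idCameFromCookie) return url;
        // The extra info belongs to the path, so it goes before any query string or fragment.
        int cut = url.length();
        int query = url.indexOf('?');
        int fragment = url.indexOf('#');
        if (query >= 0) cut = query;
        if (fragment >= 0 && fragment < cut) cut = fragment;
        return url.substring(0, cut) + MARKER + sessionId + url.substring(cut);
    }

    /** Models the Container's side: pull the ID off the request URL, or null if absent. */
    static String extractSessionId(String requestUrl) {
        int start = requestUrl.indexOf(MARKER);
        if (start < 0) return null;
        start += MARKER.length();
        int end = start;
        while (end < requestUrl.length() && ";?#/".indexOf(requestUrl.charAt(end)) < 0) {
            end++;
        }
        return requestUrl.substring(start, end);
    }

    /** The URL the servlet mapping sees once the extra info is stripped off. */
    static String stripSessionId(String requestUrl) {
        String id = extractSessionId(requestUrl);
        return id == null ? requestUrl : requestUrl.replace(MARKER + id, "");
    }

    public static void main(String[] args) {
        String id = "0AAB6C8DE415";   // the session ID used in this chapter's figures

        // First response of a session: the Container cannot know yet whether cookies work,
        // so the link is rewritten (and a Set-Cookie header would go out as well).
        String link = encodeURL("/BeerTest.do?color=dark", id, false);
        System.out.println("rewritten link:   " + link);
        System.out.println("ID on next click: " + extractSessionId(link));
        System.out.println("URL after strip:  " + stripSessionId(link));

        // A later request carried the cookie, so the encodeURL() call leaves the URL alone.
        System.out.println("cookie client:    " + encodeURL("/BeerTest.do", id, true));

        // A hard-coded link in a static page was never encoded, so it carries no ID
        // and a cookie-refusing client arrives without a session.
        System.out.println("static link ID:   " + extractSessionId("/static/help.html"));
    }
}
```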
Getting rid of sessions

The client comes in, starts a session, then changes her
mind and leaves the site. Or the client comes in, starts a
session, then her browser crashes. Or the client comes in,
starts a session, and then completes the session by making
a purchase (shopping cart check-out). Or her computer
crashes. Whatever.

The point is, session objects take resources. You don't
want sessions to stick around longer than necessary.
Remember, the HTTP protocol doesn't have any
mechanism for the server to know that the client is gone.
(In distributed application terms, for those of you familiar
with them, there's no leasing.)*

But how does the Container (or you) know when the
client walked away? How does the Container know when
the client's browser crashed? How does the Container
know when it's safe to destroy a session?


FLEX YOUR MIND

What are strategies you (and the Container) might
use to manage the number of sessions, and eliminate
unneeded sessions? What are some possible ways
in which the Container could tell that a session is no
longer needed?


Think about it, then look at the HttpSession API a few
pages from now for clues.


*Some distributed apps use leasing as a way for the server to know when
a client is gone. The client gets a lease from the server, and then must
renew the lease at specified intervals to tell the server that the client is
still alive. If the client's lease expires, the server knows it can destroy any
resources it was holding for that client.
abandoned sessions


How we want it to work...


We'd like the Container to recognize when a session has been
inactive for too long, and destroy the session. Of course we
might have to fight the Container over what "too long" really
means. Is 20 minutes too long? An hour? A day? (Maybe there's
a way for us to tell the Container what "too long" is.)


1. Diane selects "Dark"
   and hits the submit
   button.

   The Container sends the
   request to a new thread of
   the BeerApp servlet.

   The Container makes a new session,
   ID# 343. The "JSESSIONID"
   cookie is sent back to Diane in the
   response (not shown).


2. Diane vanishes,
   mysteriously.

   The Container does whatever
   Containers do in their spare time
   (although there are probably
   plenty of other clients to service).

   The session started for Diane is still
   sitting there... waiting... abandoned.


3. Diane doesn't return.
   Minutes go by...

   The Container checks the state of
   session #343 and finds that no
   requests have come in with that
   session ID for 20 minutes.

   The Container says, "20 minutes
   is just too long. She's not coming
   back," and destroys the poor,
   abandoned session.
The HttpSession interface

All you care about when you call getSession() is that
you get an instance of a class that implements the
HttpSession interface. It's the Container's job to
create the implementation.

Once you have a session, what can you do with it?

Most of the time, you'll use sessions to get and set
session-scoped attributes.

But there's more, of course. See if you can figure out
some of the key methods for yourself (answers are on
the next page, so don't turn the page!)


<<interface>> HttpSession

    long getCreationTime()
    String getId()
    long getLastAccessedTime()
    ServletContext getServletContext()
    void invalidate()
    boolean isNew()
    void setAttribute(String, Object)
    // a few more methods


Sharpen your pencil

                              What it does        What you'd use it for

getCreationTime()

getLastAccessedTime()

setMaxInactiveInterval()

getMaxInactiveInterval()

invalidate()
Key HttpSession methods

You already know about the methods for attributes
(getAttribute(), setAttribute(), removeAttribute()), but here
are a few key ones you might need in your application
(and that might be on the exam).


getCreationTime()

  What it does: Returns the time the
  session was first created.

  What you'd use it for: To find out how old the session is. You might
  want to restrict certain sessions to a fixed length of time. For example,
  you might say, "Once you've logged in, you have exactly 10
  minutes to complete this form."

getLastAccessedTime()

  What it does: Returns the last time the
  Container got a request
  with this session ID (in
  milliseconds).

  What you'd use it for: To find out when a client last accessed this
  session. You might use it to decide that if the client's been gone a long
  time you'll send them an email asking if they're coming
  back. Or maybe you'll invalidate() the session.

setMaxInactiveInterval()

  What it does: Specifies the maximum
  time, in seconds, that you
  want to allow between client
  requests for this session.

  What you'd use it for: To cause a session to be destroyed after a
  certain amount of time has passed without the client making any requests
  for this session. This is one way to reduce the amount of
  stale sessions sitting in your server.

getMaxInactiveInterval()

  What it does: Returns the maximum time,
  in seconds, that is allowed
  between client requests for
  this session.

  What you'd use it for: To find out how long this session can be
  inactive and still be alive. You could use this to judge how much more
  time an inactive client has before the session will be invalidated.

invalidate()

  What it does: Ends the session. This
  includes unbinding all
  session attributes currently
  stored in this session. (More
  on that later in this chapter.)

  What you'd use it for: To kill a session if the client has been inactive
  or if you KNOW the session is over (for example, after the client does
  a shopping check-out or logs out). The session instance
  itself might be recycled by the Container, but we don't care.
  Invalidate means the session ID no longer exists, and the
  attributes are removed from the session object.



FLEX YOUR MIND 


Now that you've seen these methods, 
can you put together a strategy for 
eliminating abandoned sessions? 
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You can't be serious does 
this mean that I have to 
keep track of session activity 
and that I have to destroy 
the stale sessions? Can t the 
Container do that? 


Setting session timeout 



(food news: you don't have to keep track of tln> yourself. See those 
methods on the opposite page? You don’t have to use them to yet 
till of stale inactive sessions. The Container can do it for you. 

Three ways a session can die: 

► It times out 

► You call invalidate i on the session object 

► The application goes down (crashes or is undeployed 

(?) Configuring session timeout in the DD 

Configuring a timeout in the DD lias virtually the 
same effect as calling sotMaxInactivelntervalfi on 
every session that’s created. 

<web-app ...> 
  <servlet> 
    ... 
  </servlet> 
  <session-config> 
    <session-timeout>15</session-timeout> 
  </session-config> 
</web-app> 

(2) Setting session timeout for a specific session 

If you want to change the session-timeout value for 
a particular session instance (without affecting the 
timeout length for any other sessions in the app): 


    session.setMaxInactiveInterval(20*60); 


The argument to the method is in seconds, 
so this says if the client doesn't make any 
requests on the session for 20 minutes, kill it. 


Timeouts in the DD are in MINUTES! 

Here's a big inconsistency to 
watch out for... you specify 
timeouts in the DD using 
MINUTES, but if you set a 
timeout programmatically, you 
specify SECONDS! 
Code Magnets 

Specify in both the DD and programmatically that if a session 
does not receive any requests for 20 minutes, it should 
be destroyed. We put one magnet in the servlet for you to 
get started, and you might not use all magnets. 


DD 


Servlet 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 


    request. 

    session 

    setSessionTimeout( 


BE the Container 



Each of the two listings represents code 
from a compiled HttpServlet. Your job is 
to think like the Container and determine 
what will happen when each of these 
servlets is invoked twice by 
the same client. Describe 
what happens the first and 
second time the same client 
accesses the servlet. 


(1) 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    HttpSession session = request.getSession(); 
    session.setAttribute("foo", "42"); 
    session.setAttribute("bar", "420"); 
    session.invalidate(); 

    String foo = (String) session.getAttribute("foo"); 
    out.println("Foo: " + foo); 
} 


(2) 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    HttpSession session = request.getSession(); 
    session.setAttribute("foo", "42"); 
    session.setMaxInactiveInterval(0); 

    String foo = (String) session.getAttribute("foo"); 
    if (session.isNew()) { 
        out.println("This is a new session."); 
    } else { 
        out.println("Welcome back!"); 
    } 
    out.println("Foo: " + foo); 
} 
Code Magnets 
Answers 


Specify in both the DD and programmatically 
that if a session does not receive any requests 
for 20 minutes, it should be destroyed. 


Servlet 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 
(1) 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    HttpSession session = request.getSession(); 
    session.setAttribute("foo", "42"); 
    session.setAttribute("bar", "420"); 
    session.invalidate();      // here we invalidate the session 

    // Uh-oh! It's too late to call getAttribute() on the session 
    // because the session already IS invalid! 
    String foo = (String) session.getAttribute("foo"); 

    out.println("Foo: " + foo); 
} 

Result: a runtime exception (IllegalStateException) is 
thrown because you can't get an attribute AFTER the 
session becomes invalid. 


(2) 

public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                            throws IOException { 

    response.setContentType("text/html"); 
    PrintWriter out = response.getWriter(); 

    HttpSession session = request.getSession(); 
    session.setAttribute("foo", "42"); 
    session.setMaxInactiveInterval(0); 

    String foo = (String) session.getAttribute("foo"); 

    // Can't call isNew() on a session that's already been invalidated. 
    // So it's really the same problem as the code above: you can't 
    // call this method on an invalid session. 
    if (session.isNew()) { 
        out.println("This is a new session."); 
    } else { 
        out.println("Welcome back!"); 
    } 
    out.println("Foo: " + foo); 
} 

Result: a runtime exception (IllegalStateException) is thrown 
because you can't call isNew() on the session AFTER the session 
becomes invalid. Setting the maximum inactive interval to 0 
means the session times out and is invalidated immediately! 
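
The two failures above share one cause: touching a session after it is dead. The servlet below is an added example, not code from the book; the class name CheckoutSessionServlet, the 5-minute value and the messages are assumptions. It shortens the timeout for one session, and ends a session without ever calling a method on it after invalidate().

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet for illustration only.
public class CheckoutSessionServlet extends HttpServlet {

    // setMaxInactiveInterval() takes SECONDS; <session-timeout> in the DD takes MINUTES.
    private static final int CHECKOUT_TIMEOUT_SECONDS = 5 * 60;

    // GET: the client enters checkout, so tighten the timeout for THIS session only.
    public void doGet(HttpServletRequest request, HttpServletResponse response)
                                        throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        HttpSession session = request.getSession();
        // Never pass 0 here: as shown above, that invalidates the session at once.
        session.setMaxInactiveInterval(CHECKOUT_TIMEOUT_SECONDS);
        out.println("This session now expires after "
                + session.getMaxInactiveInterval() + " idle seconds.");
    }

    // POST: the check-out is done or the client logs out, so end the session now.
    public void doPost(HttpServletRequest request, HttpServletResponse response)
                                        throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // getSession(false) returns null rather than creating a session
        // whose only purpose would be to get destroyed.
        HttpSession session = request.getSession(false);
        if (session == null) {
            out.println("No session to end.");
            return;
        }

        boolean hadFoo;
        try {
            // Read whatever you still need BEFORE invalidating.
            hadFoo = session.getAttribute("foo") != null;
            session.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
            // The timeout or another request thread invalidated it first.
            out.println("Session was already over.");
            return;
        }

        // From here on, use only local copies; the session object is off limits.
        out.println("Session ended. It " + (hadFoo ? "held" : "did not hold")
                + " a foo attribute.");
    }
}
```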
Can I use cookies for other things, or 
are they only for sessions? 

Although cookies were originally designed to help support 
session state, you can use custom cookies for other things. 
Remember, a cookie is nothing more than a little piece of 
data (a name/value String pair) exchanged between the 
client and server. The server sends the cookie to the client, 
and the client returns the cookie when the client makes 
another request. 

One cool thing about cookies is that the user doesn't 
have to get involved; the cookie exchange is automatic 
(assuming cookies are enabled on the client, of course). 

By default, a cookie lives only as long as a session: once the 
client quits his browser, the cookie disappears. That's how 
the "JSESSIONID" cookie works. But you can tell a cookie 
to stay alive even AFTER the browser shuts down. 

That way, your web app can still get the cookie information 
even though the session with that client is long gone. 
Imagine that Kim wants to display the user's name each 
time he returns to the beer site. So he sets the cookie the 
first time he receives the client's name, and if he gets the 
cookie back with a request, he knows not to ask for the 
name again. And it doesn't matter if the user restarted the browser 
and hasn't been on the site for a week! 


[Figure: the server sends "Set-Cookie: username=TomasHirsch" first; 
the client sends "Cookie: username=TomasHirsch" back.] 


You can use cookies to 
exchange name/value 
String pairs between the 
server and the client. 

The server sends the 
cookie to the client, and 
the client sends it back 
with each subsequent 
request. 

Session cookies vanish 
when the client's browser 
quits, but you CAN tell 
a cookie to persist on 
the client even after the 
browser shuts down. 
Using Cookies with the Servlet API 


You can get cookie-related headers out of the HTTP 
request and response, but don't. Everything you need 
to do with cookies has been encapsulated in the 
Servlet API in three classes: HttpServletRequest, 
HttpServletResponse, and Cookie. 


«interface» 
javax.servlet.http.HttpServletRequest 

    getContextPath() 
    getCookies() 
    getHeader(String) 
    getQueryString() 
    getSession() 
    // MANY more methods... 


«interface» 
javax.servlet.http.HttpServletResponse 

    addCookie() 
    addHeader() 
    encodeRedirectURL() 
    sendError() 
    setStatus() 
    // MANY more methods... 


javax.servlet.http.Cookie 

    Cookie(String, String) 
    String getDomain() 
    int getMaxAge() 
    String getName() 
    boolean getSecure() 
    String getValue() 
    void setDomain(String) 
    void setMaxAge(int) 
    void setPath(String) 
    void setValue(String) 
    // a few more methods 


Creating a new Cookie 

    Cookie cookie = new Cookie("username", name); 


Setting how long a cookie will live on the client 

    cookie.setMaxAge(30*60); 


Sending the cookie to the client 

    response.addCookie(cookie); 


Getting the cookie(s) from the client request 

    Cookie[] cookies = request.getCookies(); 
    if (cookies != null) {   // getCookies() returns null when the request carries no cookies 
        for (int i = 0; i < cookies.length; i++) { 
            Cookie cookie = cookies[i]; 
            if (cookie.getName().equals("username")) { 
                String userName = cookie.getValue(); 
                out.println("Hello " + userName); 
                break; 
            } 
        } 
    } 
Simple custom cookie example 

So, imagine that Kim wants to put up a form that asks the user to submit his 
name. The form calls a servlet that gets the username request parameter, 
and uses the name value to set a cookie in the response. 

The next time this user makes a request on ANY servlet in this web app, the 
cookie comes back with the request (assuming the cookie is still alive, based 
on the cookie's maxAge value). When a servlet in the web app sees this 
cookie, it can put the user's name into the dynamically-generated response, 
and the business logic knows not to ask the user to input his name again. 

This code is a simplified test version of the scenario we just described. 


Servlet that creates and SETS the cookie 

import javax.servlet.*; 
import javax.servlet.http.*; 
import java.io.*; 

public class CookieTest extends HttpServlet { 

    public void doPost(HttpServletRequest request, HttpServletResponse response) 
                                       throws IOException, ServletException { 

        response.setContentType("text/html"); 

        // get the user's name submitted in the form 
        String name = request.getParameter("username"); 

        // make a new cookie to store the user's name 
        Cookie cookie = new Cookie("username", name); 
        // keep it alive on the client for 30 minutes 
        cookie.setMaxAge(30*60); 
        // add the cookie to the response 
        response.addCookie(cookie); 

        // let a JSP make the response page 
        RequestDispatcher view = request.getRequestDispatcher("cookieresult.jsp"); 
        view.forward(request, response); 
    } 
} 


JSP to render the view from this servlet 

<html><body> 
<a href="checkcookie.do">click here</a> 
</body></html> 
Custom cookie example continued... 

Servlet that GETS the cookie 

import javax.servlet.*; 
import javax.servlet.http.*; 
import java.io.*; 

public class CheckCookie extends HttpServlet { 

    public void doGet(HttpServletRequest request, HttpServletResponse response) 
                                      throws IOException, ServletException { 

        response.setContentType("text/html"); 
        PrintWriter out = response.getWriter(); 

        // get the cookies from the request 
        Cookie[] cookies = request.getCookies(); 

        if (cookies != null) { 
            // Loop through the Cookie array looking for a Cookie named 
            // username. If there is one, get the value and print it. 
            for (int i = 0; i < cookies.length; i++) { 
                Cookie cookie = cookies[i]; 
                if (cookie.getName().equals("username")) { 
                    String userName = cookie.getValue(); 
                    out.println("Hello " + userName); 
                    break; 
                } 
            } 
        } 
    } 
} 


Don't confuse Cookies 
with headers! 

When you add a header to a response, you pass the name 
and value Strings as arguments. 

    response.addHeader("foo", "bar"); 

But when you add a Cookie to the response, you pass a 
Cookie object. You set the Cookie name and value in the 
Cookie constructor. 

    Cookie cookie = new Cookie("name", name); 
    response.addCookie(cookie); 

There's only an addCookie() method! 
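
A cookie value comes back from the client, so the server has to treat it as untrusted input. The servlet below is an added example, not code from the book; the class name SafeNameCookie, the 64-character limit and the messages are assumptions. It is the set/get pair above with the value encoded on the way out and validated and HTML-escaped on the way back in.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration only.
public class SafeNameCookie extends HttpServlet {

    private static final String COOKIE_NAME = "username";
    private static final int MAX_NAME_LENGTH = 64;   // assumed limit

    // POST: store the submitted name in a cookie.
    public void doPost(HttpServletRequest request, HttpServletResponse response)
                                        throws IOException, ServletException {
        String name = request.getParameter("username");
        if (name == null || name.length() == 0 || name.length() > MAX_NAME_LENGTH) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // URL-encode so spaces, ';' and ',' cannot break the cookie header.
        Cookie cookie = new Cookie(COOKIE_NAME, URLEncoder.encode(name, "UTF-8"));
        cookie.setMaxAge(30 * 60);                    // seconds
        String path = request.getContextPath();
        cookie.setPath(path.length() == 0 ? "/" : path);  // this web app only
        cookie.setSecure(request.isSecure());         // HTTPS-only if set over HTTPS
        response.addCookie(cookie);

        response.setContentType("text/html");
        response.getWriter().println("Saved.");
    }

    // GET: greet the user from the cookie, if there is a usable one.
    public void doGet(HttpServletRequest request, HttpServletResponse response)
                                        throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String name = readName(request.getCookies());
        out.println(name == null ? "Hello, stranger" : "Hello " + escapeHtml(name));
    }

    // Returns the decoded name, or null if the cookie is absent or not acceptable.
    static String readName(Cookie[] cookies) throws IOException {
        if (cookies == null) {
            return null;                              // no cookies in the request
        }
        for (int i = 0; i < cookies.length; i++) {
            if (COOKIE_NAME.equals(cookies[i].getName())) {
                String raw = cookies[i].getValue();
                if (raw == null) {
                    return null;
                }
                try {
                    String name = URLDecoder.decode(raw, "UTF-8");
                    return name.length() > MAX_NAME_LENGTH ? null : name;
                } catch (IllegalArgumentException malformed) {
                    return null;                      // bad %xx sequence
                }
            }
        }
        return null;
    }

    // Minimal HTML escaping for text placed in element content.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```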
session lifecycle moments 


Key milestones for an HttpSession 

Highlights of the important moments in an 
HttpSession object's life: 


The session is created or destroyed. 




Session attributes are added, removed, 
or replaced by other parts of the app. 



The session is passivated in one VM and 
Session lifecycle Events 

Milestone / Event and Listener type 


Lifecycle 
Event and Listener type: HttpSessionEvent, HttpSessionListener 

The session was created 
    When the Container first creates a session. At this point, the 
    session is still considered new (in other words, the client has not 
    yet sent a request with the session ID). 

The session was destroyed 
    When the Container invalidates a session (because the session 
    timed out or some part of the application called the session's 
    invalidate() method). 


Attributes 
Event and Listener type: HttpSessionBindingEvent, HttpSessionAttributeListener 

An attribute was added 
    When some part of the app calls setAttribute() on the session. 

An attribute was removed 
    When some part of the app calls removeAttribute() on the session. 

An attribute was replaced 
    When some part of the app calls setAttribute() on the session, and 
    the name of the attribute has already been bound to the session. 


Migration 
Event and Listener type: HttpSessionEvent, HttpSessionActivationListener 

The session is about to be passivated 
    When the Container is about to migrate (move) the session into 
    a different VM. Called before the session moves, so that attributes 
    have a chance to prepare themselves for migration. 

The session has been activated 
    When the Container has just migrated (moved) the session into a 
    different VM. Called before any other part of the app can call 
    getAttribute() on the session, so the just-moved attributes have a 
    chance to get themselves ready for access. The sc 
HttpSessionBindingListener 


Don't forget about HttpSessionBindingListener 

The events on the previous page are for key moments in the life of the 
session. But the HttpSessionBindingListener is for key moments in the 
life of a session attribute. Remember from chapter 5 where we looked at 
how you might use this if, for example, your attribute wants to know 
when it's added to a session so that it can synchronize itself with an 
underlying database (and update the database when it's removed from a 
session). Here's a little review from the previous chapter: 


package com.example; 
import javax.servlet.http.*; 

public class Dog implements HttpSessionBindingListener { 

    private String breed; 

    public Dog(String breed) { 
        this.breed = breed; 
    } 

    public String getBreed() { 
        return breed; 
    } 

    public void valueBound(HttpSessionBindingEvent event) { 
        // code to run now that I know I'm in a session 
    } 

    public void valueUnbound(HttpSessionBindingEvent event) { 
        // code to run now that I know I am no longer part of a session 
    } 
} 


You do NOT configure session 
binding listeners in the DD! 
Session migration 

Remember from the previous chapter, we talked briefly about distributed web 
apps, where the pieces of the app might be replicated across multiple nodes in 
the network. In a clustered environment, the Container might do load balancing by 
taking client requests and sending them out to JVMs (which may or may not be on 
different physical boxes, but that doesn't matter to us). The point is, the app is in 
multiple places. 

That means each time the same client makes a request, the request could end up 
going to a different instance of the same servlet. In other words, request A for Servlet 
A could happen on one VM, and request B for Servlet A could end up on a different 
VM. So the question is, what happens to things like ServletContext, ServletConfig, 
and HttpSession objects? 

Simple answer, important implications: 

Only HttpSession objects (and their attributes) move from one VM to another. 

There is one ServletContext per VM. There is one ServletConfig per servlet, per VM. 

But there is only one HttpSession object for a given session ID per web app, 
regardless of how many VM's the app is distributed across. 


[Figure: The Beer Web App distributed across two VMs] 

Each servlet has its own 
ServletConfig, and both 
servlets in the web app 
share a ServletContext. 

Everything except the 
HttpSession is duplicated 
on the other VM. 

Note everything is duplicated 
in the second server EXCEPT 
the HttpSession objects! 

Sessions live in only ONE place 
at any given moment. The 
same session ID for a given 
web app will NEVER appear in 
two VMs at the same time. 
Session migration in action 

How an app server vendor handles clustering and web app 
distribution varies with each vendor, and there's no guarantee in 
the J2EE spec that a vendor has to support distributed apps. But the 
picture here gives you a high-level idea of how it works. The key point 
is that while other parts of the app are replicated on each node/VM, 
the session objects are moved. And that is guaranteed. In other words, 
if the vendor does support distributed apps, then the Container is 
required to migrate sessions across VMs. And that includes migrating 
session attributes as well. 


(1) Diane selects "Pale" 
and hits the submit 

The Load-Balancing server 
decides to send the request 

The Container makes a new session, ID# 
343. The "JSESSIONID" cookie is sent 


(2) Diane selects "Bitter" and 
hits the submit button. 
Her request also includes 

This time, the Load-Balancing 
server decides to send the 
request to Container 4-2 in 

The Container gets the request, sees the 
session ID, and realizes that the session 
is on a different VM, VM One! 


The session #343 migrates from VM One to 
VM Two. In other words, it no longer exists 
on VM One once it moves to VM Two. 

This migration means the session was 
passivated on VM One, and activated 
on VM Two. 


The Container makes a new thread for Servlet A, 
and associates the new request with the recently- 
moved session #343. 

Diane's new request is sent to the thread, and 
everybody is happy. Diane has no idea what 
happened (except for the slight delay/latency 
waiting for the session to move). 
HttpSession Listener 


HttpSessionActivationListener lets attributes 
prepare for the big move... 


Since it's possible that an HttpSession can migrate from one VM to 
another, the spec designers thought it would be nice if someone 
bothered to tell the attributes within the session that they, too, 
were about to move. That way the attributes can make sure they'll 
survive the trip. 


This listener is so that 
as an attribute, I can find out 
when I'm about to be moved to a 
new VM as part of a session, and 
I can make sure my instance 
variables are ready. 


If all your attributes are straightforward Serializable objects that 
don't care where they end up, you'll probably never use this listener. 
In fact, we're guessing of all web apps never use this 
listener. But it's there if you need it, and the most likely use of 
this listener is to give attributes a chance to make their instance 
variables ready for Serialization. 


Session migration and Serialization 

Now it gets a little tricky... 

A Container is required to migrate Serializable attributes (which 
assumes that all instance variables within the attribute are either 
Serializable or null). 

But a Container is not required to use Serialization as the means 
for migrating the HttpSession object! 

What does this mean to you? Simple: make sure your attribute 
class types are Serializable and you never have to worry about it. 
But if they're not Serializable (which could be because one of the 
attribute object's instance variables is not Serializable), have your 
attribute object class implement HttpSessionActivationListener 
and use the activation/passivation callbacks to work around it. 


«interface» 
HttpSessionActivationListener 
(javax.servlet.http.HttpSessionActivationListener) 

    sessionDidActivate(HttpSessionEvent) 
    sessionWillPassivate(HttpSessionEvent) 


The Container is not REQUIRED to use Serialization, so there's no 
guarantee that readObject() and writeObject() will be called on a 
Serializable attribute or one of its instance variables! 

[...] implement a writeObject() method, called by the VM [...] 
method, called when an object is deserialized. [...] object can use 
these methods to, for example, set non-Serializable fields to null 
during [...] (writeObject()) and then restore the fields during [...] 
the details of Serialization, don't worry about it.) 
listener examples 

Over the next three pages, pay attention to the event object 
types and to whether the listener is also an attribute class. 


Session counter 

This listener lets you keep track of the number of active 
sessions in this web app. Very simple. 


package com.example; 
import javax.servlet.http.*; 

public class BeerSessionCounter implements HttpSessionListener { 

    static private int activeSessions; 

    public static int getActiveSessions() { 
        return activeSessions; 
    } 

    // These methods take an HttpSessionEvent. 
    public void sessionCreated(HttpSessionEvent event) { 
        activeSessions++; 
    } 

    public void sessionDestroyed(HttpSessionEvent event) { 
        activeSessions--; 
    } 
} 


Configuring the listener in the DD 

<web-app ...> 
  <listener> 
    <listener-class> 
      com.example.BeerSessionCounter 
    </listener-class> 
  </listener> 
</web-app> 
Attribute Listener 

This listener lets you track each time any attribute is 
added to, removed from, or replaced in a session. 


package com.example; 
import javax.servlet.http.*; 

public class BeerAttributeListener implements HttpSessionAttributeListener { 

    public void attributeAdded(HttpSessionBindingEvent event) { 
        String name = event.getName(); 
        Object value = event.getValue(); 
        System.out.println("Attribute added: " + name + ": " + value); 
    } 

    public void attributeRemoved(HttpSessionBindingEvent event) { 
        String name = event.getName(); 
        Object value = event.getValue(); 
        System.out.println("Attribute removed: " + name + ": " + value); 
    } 

    public void attributeReplaced(HttpSessionBindingEvent event) { 
        String name = event.getName(); 
        Object value = event.getValue(); 
        System.out.println("Attribute replaced: " + name + ": " + value); 
    } 
} 


Configuring the listener in the DD 

<web-app ...> 
  <listener> 
    <listener-class> 
      com.example.BeerAttributeListener 
    </listener-class> 
  </listener> 
</web-app> 


Q: 

Hey, what the heck are you printing 
to? Where does System.out go in a web app? 

A: 

Wherever this Container chooses to 
send it (which may or may not be configurable 
by you). In other words, in a vendor-specific 
place, often a log file. Tomcat puts the output 
in tomcat/logs/catalina.log. You'll have to read 
your server docs to find out what your Container 
does with standard output. 
Attribute class (listening for events that affect IT) 

This listener lets an attribute keep track of events that might be 
important to the attribute itself: when it's added to or removed from 
a session, and when the session migrates from one VM to another. 


package com.example; 
import javax.servlet.http.*; 
import java.io.*; 

public class Dog implements HttpSessionBindingListener, 
                            HttpSessionActivationListener, Serializable { 

    private String breed; 
    // imagine more instance variables, including 
    // some that are not Serializable 

    // imagine constructor and other getter/setter methods 

    // Session binding events 
    public void valueBound(HttpSessionBindingEvent event) { 
        // code to run now that I know I'm in a session 
    } 

    public void valueUnbound(HttpSessionBindingEvent event) { 
        // code to run now that I know I am no longer part of a session 
    } 

    // Session activation events (but notice that 
    // the methods take an HttpSessionEvent) 
    public void sessionWillPassivate(HttpSessionEvent event) { 
        // code to get my non-Serializable fields in a state 
        // that can survive the move to a new VM 
    } 

    public void sessionDidActivate(HttpSessionEvent event) { 
        // code to restore my fields... to redo whatever I undid 
        // in sessionWillPassivate() 
    } 
} 
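
The Dog skeleton leaves the four callback bodies empty. Below is one way to fill them in for an attribute that owns a resource which cannot travel to another VM; it is an added example, not code from the book, and the class name AuditTrail, its record() method and the log path are assumptions. The open file handle is released by hand in sessionWillPassivate() instead of relying on writeObject(), because the Container is not required to use Serialization.

```java
package com.example;

import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;

// Hypothetical attribute class for illustration only.
public class AuditTrail implements HttpSessionBindingListener,
                                   HttpSessionActivationListener, Serializable {

    private static final long serialVersionUID = 1L;

    // Serializable state: this travels with the session.
    // Assumption: the same path is writable on every node.
    private final String logPath;

    // Non-Serializable state: an open file handle must stay behind.
    private transient PrintWriter log;

    public AuditTrail(String logPath) {
        this.logPath = logPath;
    }

    // Appends one line, (re)opening the file on first use on this VM.
    public synchronized void record(String message) throws IOException {
        if (log == null) {
            log = new PrintWriter(new FileWriter(logPath, true));  // append mode
        }
        log.println(message);
        log.flush();
    }

    private synchronized void release() {
        if (log != null) {
            log.close();
            log = null;   // the field is now null, so the attribute can migrate
        }
    }

    // Session binding events
    public void valueBound(HttpSessionBindingEvent event) {
        // nothing to open yet: record() opens the file lazily
    }

    public void valueUnbound(HttpSessionBindingEvent event) {
        // removed, replaced, or the session was invalidated or timed out
        release();
    }

    // Session activation events
    public void sessionWillPassivate(HttpSessionEvent event) {
        // about to move: give up the handle whether or not the
        // Container goes on to serialize this object
        release();
    }

    public void sessionDidActivate(HttpSessionEvent event) {
        // arrived on the new VM with log == null;
        // the next record() call reopens the file there
    }
}
```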
Session-related listeners 

Columns: Scenario / Listener interface and methods / Event type / Usually implemented by 


Scenario: You want to know how many concurrent users 
there are. In other words, you want to track the active 
sessions. 
Listener interface: HttpSessionListener (javax.servlet.http) 
Methods: sessionCreated, sessionDestroyed 
Event type: HttpSessionEvent 
Usually implemented by: □ An attribute class  ☑ Some other class 


Scenario: You want to know when a session moves from one 
VM to another. 
Listener interface: HttpSessionActivationListener (javax.servlet.http) 
Methods: sessionDidActivate, sessionWillPassivate 
Event type: HttpSessionEvent 
Usually implemented by: ☑ An attribute class  ☑ Some other class 


Scenario: You have an attribute class (a class for an object that 
will be used as an attribute value) and you want objects 
of this type to be notified when they are bound to or 
removed from a session. 
Listener interface: HttpSessionBindingListener (javax.servlet.http) 
Methods: valueBound, valueUnbound 
Event type: HttpSessionBindingEvent 
Usually implemented by: ☑ An attribute class  □ Some other class 


Scenario: You want to know when any session attribute 
is added, removed, or replaced in a session. 
Listener interface: HttpSessionAttributeListener (javax.servlet.http) 
Methods: attributeAdded, attributeRemoved, attributeReplaced 
Event type: HttpSessionBindingEvent 
Usually implemented by: □ An attribute class  ☑ Some other class 


Some of the session-related events don't 
follow the event naming conventions! 

HttpSessionListener methods take HttpSessionEvents. 
HttpSessionBindingListener methods take HttpSessionBindingEvents. 
But HttpSessionAttributeListener methods take HttpSessionBindingEvents, 
and HttpSessionActivationListener methods take HttpSessionEvents. 
Session-related Event Listeners 
and Event Objects API overview 


«interface» 
HttpSessionActivationListener 

    sessionDidActivate(HttpSessionEvent) 
    sessionWillPassivate(HttpSessionEvent) 


«interface» 
HttpSessionListener 

    sessionCreated(HttpSessionEvent) 
    sessionDestroyed(HttpSessionEvent) 


«interface» 
HttpSessionAttributeListener 

    attributeAdded(HttpSessionBindingEvent) 
    attributeRemoved(HttpSessionBindingEvent) 
    attributeReplaced(HttpSessionBindingEvent) 


The getName() method returns 
the String name of the attribute 
that triggered the event. 

The getValue() method returns 
the object value of the attribute 
that triggered the event. Watch 
out! It returns the old value, not 
the new one. In other words, it 
returns the value the attribute 
had BEFORE the change that 
triggered the event! 
Sharpen your pencil: Session-related listeners 

Yes, this is almost an exact copy of the table from two pages back, 
so don't go there. Try to think through these listeners and put down 
your best guess. You can expect at least two, and as many as 
four questions on the exam about session listeners. Use both your 
memory and common sense to fill this out. 


Columns: Scenario / Listener interface and methods / Event type / Usually implemented by 


Scenario: You want to know when a session is created. 
Listener interface/methods: 
Event type: 
Usually implemented by: □ An attribute class  □ Some other class 


Scenario: An attribute wants to know when it has been moved 
into a new VM. 
Listener interface/methods: 
Event type: 
Usually implemented by: □ An attribute class  □ Some other class 


Scenario: An attribute wants to know when it has been replaced 
in a session. 
Listener interface/methods: 
Event type: 
Usually implemented by: □ An attribute class  □ Some other class 


Scenario: You want to be notified whenever anything is 
bound to a session. 
Listener interface/methods: 
Event type: 
Usually implemented by: □ An attribute class  □ Some other class 
1 Given: 

10. public class MyServlet extends HttpServlet { 
11.   public void doGet(HttpServletRequest request, 
                        HttpServletResponse response) 
12.       throws IOException, ServletException { 
13.     // request.getSession().setAttribute("key", "value"); 
14.     // request.getHttpSession().setAttribute("key", "value"); 
15.     // ((HttpSession)request.getSession()).setAttribute("key", "value"); 
16.     // ((HttpSession)request.getHttpSession()).setAttribute("key", "value"); 
17.   } 
18. } 

Which line(s) could be uncommented without causing a compile or runtime error? 
(Choose all that apply.) 

□ A. Line 13 only. 

□ B. Line 14 only. 

□ C. Line 15 only. 

□ D. Line 16 only. 

□ E. Line 13 or line 15. 

□ F. Line 14 or line 16. 


2 If a client will NOT accept a cookie, which session management mechanism 
could the web container employ? (Choose one.) 

□ A. Cookies, but NOT URL rewriting. 

□ B. URL rewriting, but NOT cookies. 

□ C. Either cookies or URL rewriting can be used. 

□ D. Neither cookies nor URL rewriting can be used. 

□ E. Cookies and URL rewriting must be used together. 
3 Which statements about HttpSession objects are true? 
(Choose all that apply.) 

□ A. A session whose timeout period has been set to -1 will 
never expire. 

□ B. A session will become invalid as soon as the user closes 
all browser windows. 

□ C. A session will become invalid after a timeout period 
defined by the servlet container. 

□ D. A session may be explicitly invalidated by calling 
HttpSession.invalidateSession(). 


4 Which of the following are NOT listener event types in the J2EE 1.4 API? 
(Choose all that apply.) 

□ A. HttpSessionEvent 
□ B. ServletRequestEvent 
□ C. HttpSessionBindingEvent 
□ D. HttpSessionAttributeEvent 
□ E. ServletContextAttributeEvent 


5 Which statements about session tracking are true? 
(Choose all that apply.) 

□ A. URL rewriting may be used by a server as the basis for 
session tracking. 

□ B. SSL has a built-in mechanism that a servlet container could 
use to obtain data used to define a session. 

□ C. When using cookies for session tracking, there is no 
restriction on the name of the session tracking cookie. 

□ D. When using cookies for session tracking, the name of the 
session tracking cookie must be JSESSIONID. 

□ E. If a user has cookies disabled in their browser, the 
container may choose to use a javax.servlet.http. 
CookielessHttpSession object to track the user's session. 
6 Given: 

1. import javax.servlet.http.*; 
2. public class MySessionListener 
       implements HttpSessionListener { 
3.   public void sessionCreated() { 
4.     System.out.println("Session Created"); 
5.   } 
6.   public void sessionDestroyed() { 
7.     System.out.println("Session Destroyed"); 
8.   } 
9. } 

What is wrong with this class? (Choose all that apply.) 

□ A. The method signature on line 3 is NOT correct. 

□ B. The method signature on line 6 is NOT correct. 

□ C. The import statement will NOT import the 
HttpSessionListener interface. 

□ D. sessionCreated and sessionDestroyed are NOT the only 
methods defined by the HttpSessionListener interface. 


7 Which statements about session attributes are true? (Choose all that apply.) 

□ A. The return type of HttpSession.getAttribute(String) is 
Object. 

□ B. The return type of HttpSession.getAttribute(String) is 
String. 

□ C. Attributes bound into a session are available to any other servlet 
that belongs to the same ServletContext and handles a request 
identified as being part of the same session. 

□ D. Calling setAttribute("keyA", "valueB") on an HttpSession 
which already holds a value for the key keyA will cause an exception 
to be thrown. 

□ E. Calling setAttribute("keyA", "valueB") on an HttpSession 
which already holds a value for the key keyA will cause the previous 
value for this attribute to be replaced with the String valueB. 
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8 Which interlaces define a getSession() method? 
(Choose all that apply.) 

Q A. GervletRequest 
□ B. SorvletRcsponse 
U C HttpServletRequest 
D 1). HttpServletResponse 


Given a session object s, and the code:

    s.setAttribute("key", value);

Which listeners could be notified? (Choose one.)

□ A. Only HttpSessionListener
□ B. Only HttpSessionBindingListener
□ C. Only HttpSessionAttributeListener
□ D. HttpSessionListener and HttpSessionBindingListener
□ E. HttpSessionListener and HttpSessionAttributeListener
□ F. HttpSessionBindingListener and HttpSessionAttributeListener
□ G. All three


10  Given that req is an HttpServletRequest, which snippets create a session if one doesn't exist? (Choose all that apply.)

□ A. req.getSession();
□ B. req.getSession(true);
□ C. req.getSession(false);
□ D. req.createSession();
□ E. req.getNewSession();
□ F. req.createSession(true);
□ G. req.createSession(false);

Given a session object s with two attributes named myAttr1 and myAttr2, which will remove both attributes from this session? (Choose all that apply.)

□ A. s.removeAllValues();

□ B. s.removeAttribute("myAttr1");
     s.removeAttribute("myAttr2");

□ C. s.removeAllAttributes();

□ D. s.getAttribute("myAttr1", UNBIND);
     s.getAttribute("myAttr2", UNBIND);

□ E. s.getAttributeNames(UNBIND);


12  Which statements about HttpSession objects in distributed environments are true? (Choose all that apply.)

□ A. When a session is moved from one JVM to another, any attributes stored in the session will be lost.

□ B. When a session is moved from one JVM to another, appropriately registered HttpSessionBindingListener objects will be notified.

□ C. When a session is moved from one JVM to another, any session attribute implementing the HttpSessionActivationListener interface will be notified.

□ D. When a session is moved from one JVM to another, attribute values that implement java.io.Serializable will be transferred to the new JVM.


13  Which statements about session timeouts are true? (Choose all that apply.)

□ A. Session timeout declarations made in the DD can specify time in seconds.

□ B. Session timeout declarations made in the DD can specify time in minutes.

□ C. Session timeout declarations made programmatically can specify time only in seconds.

□ D. Session timeout declarations made programmatically can specify time only in minutes.

□ E. Session timeout declarations made programmatically can specify time in either minutes or seconds.

14  Choose the servlet code fragment that would retrieve from the request the value of a cookie named "ORA_UID"? (Choose all that apply.)

□ A. String value = request.getCookie("ORA_UID");

□ B. String value = request.getHeader("ORA_UID");

□ C. javax.servlet.http.Cookie[] cookies =
         request.getCookies();
     String cName = null;
     String value = null;
     if (cookies != null) {
       for (int i = 0; i < cookies.length; i++) {
         cName = cookies[i].getName();
         if (cName != null &&
             cName.equalsIgnoreCase("ORA_UID")) {
           value = cookies[i].getValue();
         }
       }
     }

□ D. javax.servlet.http.Cookie[] cookies =
         request.getCookies();
     if (cookies.length > 0) {
       String value = cookies[0].getValue();
     }


15  Which method(s) can be used to ask the container to notify your application whenever a session is about to timeout? (Choose all that apply.)

□ A. HttpSessionListener.sessionDestroyed
□ B. HttpSessionBindingListener.valueBound
□ C. HttpSessionBindingListener.valueUnbound
□ D. HttpSessionBindingEvent.sessionDestroyed
□ E. HttpSessionAttributeListener.attributeRemoved
□ F. HttpSessionActivationListener.sessionWillPassivate

How would you use the HttpServletResponse object in a servlet to add a cookie to the client?

□ A. <context-param>
       <param-name>myCookie</param-name>
       <param-value>cookieValue</param-value>
     </context-param>

□ B. response.addCookie("myCookie","cookieValue");

□ C. javax.servlet.http.Cookie newCook =
       new javax.servlet.http.Cookie("myCookie","cookieValue");
     //...set other Cookie properties
     response.addCookie(newCook);

□ D. javax.servlet.http.Cookie[] cookies = request.getCookies();
     String cname = null;
     if (cookies != null) {
       for (int i = 0; i < cookies.length; i++) {
         cName = cookies[i].getName();
         if (cName != null &&
             cName.equalsIgnoreCase("myCookie")) {
           out.println( cName + ": " + cookies[i].getValue();
         }
       }
     }

Given:

13. public class ServletX extends HttpServlet {
14.   public void doGet(HttpServletRequest req, HttpServletResponse resp)
15.       throws IOException, ServletException {
16.     HttpSession sess = new HttpSession(req);
17.     sess.setAttribute("attr1", "value");
18.     sess.invalidate();
19.     String s = sess.getAttribute("attr1");
20.   }
21. }

What is the result? (Choose all that apply.)

□ A. Compilation fails
□ B. The value of s is null
□ C. The value of s is "value"
□ D. An IOException is thrown
□ E. A ServletException is thrown
□ F. An IllegalStateException is thrown

Given:

10. public class MyServlet extends HttpServlet {
11.   public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
12.       throws IOException, ServletException {
13.     // request.getSession().setAttribute("key", "value");
14.     // request.getHttpSession().setAttribute("key", "value");
15.     // ((HttpSession)request.getSession()).setAttribute("key", "value");
16.     // ((HttpSession)request.getHttpSession()).setAttribute("key", "value");
17.   }
18. }

Which line(s) could be uncommented without causing a compile or runtime error? (Choose all that apply.)

□ A. Line 13 only.
□ B. Line 14 only.
□ C. Line 15 only.
□ D. Line 16 only.
☑ E. Line 13 or line 15.
□ F. Line 14 or line 16.

-Option E, because both lines make the correct method call. The cast is NOT necessary, but it does reflect the correct type, so it is valid


If a client will NOT accept a cookie, which session management mechanism could the web container employ? (Choose one.)

□ A. Cookies, but NOT URL rewriting.
☑ B. URL rewriting, but NOT cookies.
□ C. Either cookies or URL rewriting can be used.
□ D. Neither cookies nor URL rewriting can be used.
□ E. Cookies and URL rewriting must be used together.

-Cookies CANNOT be used, but URL rewriting does NOT depend on cookies being enabled

Which statements about HttpSession objects are true? (Choose all that apply.)

☑ A. A session whose timeout period has been set to -1 will never expire.

□ B. A session will become invalid as soon as the user closes all browser windows.

☑ C. A session will become invalid after a timeout period defined by the servlet container.

□ D. A session may be explicitly invalidated by calling HttpSession.invalidateSession().

-Option B is incorrect because there is no explicit termination signal in the HTTP protocol

-Option D is incorrect because the method that should be used is called invalidate()


Which of the following are NOT listener event types in the J2EE 1.4 API? (Choose all that apply.)   (API)

□ A. HttpSessionEvent
□ B. ServletRequestEvent
□ C. HttpSessionBindingEvent
☑ D. HttpSessionAttributeEvent
□ E. ServletContextAttributeEvent

-HttpSessionBindingEvents are used for both HttpSessionBindingListeners AND HttpSessionAttributeListeners


5  Which statements about session tracking are true? (Choose all that apply.)

☑ A. URL rewriting may be used by a server as the basis for session tracking.

☑ B. SSL has a built-in mechanism that a servlet container could use to obtain data used to define a session.

□ C. When using cookies for session tracking, there is no restriction on the name of the session tracking cookie.

☑ D. When using cookies for session tracking, the name of the session tracking cookie must be JSESSIONID.

□ E. If a user has cookies disabled in their browser, the container may choose to use a javax.servlet.http.CookielessHttpSession object to track the user's session.

-Option C is incorrect because the specification dictates that the session tracking cookie must be JSESSIONID

-Option E is incorrect because there is no such class

Given:

1. import javax.servlet.http.*;
2. public class MySessionListener
     implements HttpSessionListener {
3.   public void sessionCreated() {
4.     System.out.println("Session Created");
5.   }
6.   public void sessionDestroyed() {
7.     System.out.println("Session Destroyed");
8.   }
9. }

What is wrong with this class? (Choose all that apply.)

☑ A. The method signature on line 3 is NOT correct.

☑ B. The method signature on line 6 is NOT correct.

□ C. The import statement will NOT import the HttpSessionListener interface.

□ D. sessionCreated and sessionDestroyed are NOT the only methods defined by the HttpSessionListener interface.

-Options A and B are correct because these methods should have an HttpSessionEvent parameter

-Option C is incorrect because the listener is defined in the imported package

-Option D is incorrect because these are the only two methods in this interface


Which statements about session attributes are true? (Choose all that apply.)

☑ A. The return type of HttpSession.getAttribute(String) is Object

□ B. The return type of HttpSession.getAttribute(String) is String

☑ C. Attributes bound into a session are available to any other servlet that belongs to the same ServletContext and handles a request identified as being part of the same session.

□ D. Calling setAttribute("keyA", "valueB") on an HttpSession which already holds a value for the key keyA will cause an exception to be thrown.

☑ E. Calling setAttribute("keyA", "valueB") on an HttpSession which already holds a value for the key keyA will cause the previous value for this attribute to be replaced with the String valueB.

-Option B is incorrect because the return type is Object

-Option D is incorrect because this call will simply replace the existing value

8  Which interfaces define a getSession() method? (Choose all that apply.)

□ A. ServletRequest
□ B. ServletResponse
☑ C. HttpServletRequest
□ D. HttpServletResponse




9  Given a session object s, and the code:

    s.setAttribute("key", value);

Which listeners could be notified? (Choose one.)

□ A. Only HttpSessionListener
□ B. Only HttpSessionBindingListener
□ C. Only HttpSessionAttributeListener
□ D. HttpSessionListener and HttpSessionBindingListener
□ E. HttpSessionListener and HttpSessionAttributeListener
☑ F. HttpSessionBindingListener and HttpSessionAttributeListener
□ G. All three

-Option F is correct because an HttpSessionAttributeListener is notified any time an attribute is added, and the value object will also be notified if it implements an HttpSessionBindingListener

10  Given that req is an HttpServletRequest, which snippets create a session if one doesn't exist? (Choose all that apply.)   (API)

☑ A. req.getSession();
☑ B. req.getSession(true);
□ C. req.getSession(false);
□ D. req.createSession();
□ E. req.getNewSession();
□ F. req.createSession(true);
□ G. req.createSession(false);

-Options A and B will each create a new session if one doesn't exist. getSession(false) returns a null if the session doesn't exist

11  Given a session object s with two attributes named myAttr1 and myAttr2, which will remove both attributes from this session? (Choose all that apply.)

□ A. s.removeAllValues();

☑ B. s.removeAttribute("myAttr1");
     s.removeAttribute("myAttr2");

□ C. s.removeAllAttributes();

□ D. s.getAttribute("myAttr1", UNBIND);
     s.getAttribute("myAttr2", UNBIND);

□ E. s.getAttributeNames(UNBIND);

-Option B is correct. removeAttribute() is the only way to remove attributes from a session object, and it removes only one attribute at a time

12  Which statements about HttpSession objects in distributed environments are true? (Choose all that apply.)

□ A. When a session is moved from one JVM to another, any attributes stored in the session will be lost.

□ B. When a session is moved from one JVM to another, appropriately registered HttpSessionBindingListener objects will be notified.

☑ C. When a session is moved from one JVM to another, any session attribute implementing the HttpSessionActivationListener interface will be notified.

☑ D. When a session is moved from one JVM to another, attribute values that implement java.io.Serializable will be transferred to the new JVM.

-Option A is incorrect because serializable attributes will be transferred

-Option B is incorrect since attributes remain bound to the session

13  Which statements about session timeouts are true? (Choose all that apply.)   (API)

□ A. Session timeout declarations made in the DD can specify time in seconds.

☑ B. Session timeout declarations made in the DD can specify time in minutes.

☑ C. Session timeout declarations made programmatically can specify time only in seconds.

□ D. Session timeout declarations made programmatically can specify time only in minutes.

□ E. Session timeout declarations made programmatically can specify time in either minutes or seconds.

-In the DD (using the <session-timeout> element) only minutes can be specified; using HttpSession's setMaxInactiveInterval() only seconds can be specified

Choose the servlet code fragment that would retrieve from the request the value of a cookie named "ORA_UID"? (Choose all that apply.)   (API)

□ A. String value = request.getCookie("ORA_UID");

□ B. String value = request.getHeader("ORA_UID");

☑ C. javax.servlet.http.Cookie[] cookies =
         request.getCookies();
     String cName = null;
     String value = null;
     if (cookies != null) {
       for (int i = 0; i < cookies.length; i++) {
         cName = cookies[i].getName();
         if (cName != null &&
             cName.equalsIgnoreCase("ORA_UID")) {
           value = cookies[i].getValue();
         }
       }
     }

□ D. javax.servlet.http.Cookie[] cookies =
         request.getCookies();
     if (cookies.length > 0) {
       String value = cookies[0].getValue();
     }

-Option A refers to a method that doesn't exist

-Option C gets a Cookie of a specified name

-Option D only looks at the first Cookie in the array


Which method(s) can be used to ask the container to notify your application whenever a session is about to timeout? (Choose all that apply.)   (API)

☑ A. HttpSessionListener.sessionDestroyed
□ B. HttpSessionBindingListener.valueBound
☑ C. HttpSessionBindingListener.valueUnbound
□ D. HttpSessionBindingEvent.sessionDestroyed
□ E. HttpSessionAttributeListener.attributeRemoved
□ F. HttpSessionActivationListener.sessionWillPassivate

-Option C: this is kind of round-about, but if you have an attribute class this is a way to be informed of a timeout

-Option D: no such method

-Option E: removing an attribute isn't tightly associated with a session timeout

-Option F: session passivation is different than session timeout

How would you use the HttpServletResponse object in a servlet to add a cookie to the client?   (API)

□ A. <context-param>
       <param-name>myCookie</param-name>
       <param-value>cookieValue</param-value>
     </context-param>

□ B. response.addCookie("myCookie","cookieValue");

☑ C. javax.servlet.http.Cookie newCook =
       new javax.servlet.http.Cookie("myCookie","cookieValue");
     //...set other Cookie properties
     response.addCookie(newCook);

□ D. javax.servlet.http.Cookie[] cookies = request.getCookies();
     String cname = null;
     if (cookies != null) {
       for (int i = 0; i < cookies.length; i++) {
         cName = cookies[i].getName();
         if (cName != null &&
             cName.equalsIgnoreCase("myCookie")) {
           out.println( cName + ": " + cookies[i].getValue();
         }
       }
     }

-Option B: addCookie takes a Cookie object

-Option D is not correct because it shows servlet code retrieving, not creating, a cookie


Given:   (API)

13. public class ServletX extends HttpServlet {
14.   public void doGet(HttpServletRequest req, HttpServletResponse resp)
15.       throws IOException, ServletException {
16.     HttpSession sess = new HttpSession(req);
17.     sess.setAttribute("attr1", "value");
18.     sess.invalidate();
19.     String s = sess.getAttribute("attr1");
20.   }
21. }

What is the result? (Choose all that apply.)

☑ A. Compilation fails
□ B. The value of s is null
□ C. The value of s is "value"
□ D. An IOException is thrown
□ E. A ServletException is thrown
□ F. An IllegalStateException is thrown

-Option A is correct




7 using JSP

Being a JSP

A JSP becomes a servlet. A servlet that you don't create. The
Container looks at your JSP, translates it into Java source code, and compiles
it into a full-fledged Java servlet class. But you've got to know what happens
when the code you write in the JSP is turned into Java code. You can write Java
code in your JSP, but should you? And if you don't write Java code, then what
do you write? How does it translate into Java code? In this chapter, we'll look at
six different kinds of JSP elements—each with its own purpose and, yes, unique
syntax. You'll learn how, why, and what to write in your JSP. Perhaps more
importantly, you'll learn what not to write in your JSP.
The JSP Technology Model

6.1 Identify, describe, or write JSP code for the following elements: (a) template text, (b) scripting elements (comments, directives, declarations, scriptlets, and expressions), (c) standard and custom actions, and (d) expression language elements.
Coverage notes: Most is covered in this chapter, but the details behind (c) standard and custom actions, and (d) expression language elements are covered in later chapters.

6.2 Write JSP code that uses the directives: (a) page (with attributes import, session, contentType, and isELIgnored), (b) include, and (c) taglib.
Coverage notes: The page directive is covered in this chapter, but include and taglib are covered in later chapters.

6.3 Write a JSP Document (XML-based document) that uses the correct syntax.
Coverage notes: Not covered here; refer to the chapter on Deployment.

6.4 Describe the purpose and event sequence of the JSP page lifecycle: (1) JSP page translation, (2) JSP page compilation, (3) load class, (4) create instance, (5) call the jspInit method, (6) call the _jspService method, and (7) call the jspDestroy method.
Coverage notes: All covered in this chapter. (Hint: these will be some of the most no-brainer questions on the real exam, once you've learned the fundamentals in this chapter.)

6.5 Given a design goal, write JSP code using the appropriate implicit objects: (a) request, (b) response, (c) out, (d) session, (e) config, (f) application, (g) page, (h) pageContext, and (i) exception.
Coverage notes: All covered in this chapter, although you're expected to already know what most of them mean based on the previous two chapters.

6.6 Configure the deployment descriptor to declare one or more tag libraries, deactivate the evaluation language, and deactivate the scripting language.
Coverage notes: We cover everything here except declaring tag libraries. That's covered in the chapter on Using JSTL.

6.7 Given a specific design goal for including a JSP segment in another page, write the JSP code that uses the most appropriate inclusion mechanism (the include directive or the jsp:include standard action).
Coverage notes: Not covered here; refer to the next chapter (Scriptless JSPs).
In the end, a JSP is just a servlet

Your JSP eventually becomes a full-fledged servlet running in your
web app. It's a lot like any other servlet, except that the servlet class
is written for you by the Container.

The Container takes what you've written in your JSP, translates it
into a servlet class source (.java) file, then compiles that into a Java
servlet class. After that, it's just servlets all the way down, and the
servlet runs in exactly the same way it would if you'd written and
compiled the code yourself. In other words, the Container loads the
servlet class, instantiates and initializes it, makes a separate thread
for each request, and calls the servlet's service() method.

The most important point for
this chapter is simply: what
role does your JSP code play
in the final servlet class?

In other words, where do
the elements in the JSP end
up in the source code of the

Some of the questions we'll answer in this chapter include:

► Where does each part of your JSP file end up in the servlet source
code?

► Do you have access to the "servletness" of your JSP page?
For example, does a JSP have a concept of a ServletConfig or
ServletContext?

► What are the types of elements you can put in a JSP?

► What's the syntax for the different elements in a JSP?

► What's the lifecycle of a JSP, and can you step into the middle of it?

► How do the different elements in a JSP interact in the final servlet?
Making a JSP that displays how
many times it's been accessed

Pauline wants to use JSPs in her web apps; she's really sick of
writing HTML into a servlet's PrintWriter println().

She decides to learn JSPs by making a simple dynamic page that
prints the number of times the page has been requested. She
understands that you can put regular old Java code in a JSP using
a scriptlet, which just means Java code within a <% ... %> tag.

I know I can put Java code
in the JSP, so I'll make a
static method in a Counter
class to hold the access count
static variable, and then I'll
call that method from the
JSP...

BasicCounter.jsp

<html>
<body>
The page count is:
<%
  out.println(Counter.getCount());
%>
</body>
</html>

Counter.java

package foo;

public class Counter {
    private static int count;
    public static synchronized int getCount() {
        count++;
        return count;
    }
}
She deploys and tests it

It's trivial to deploy and test. The only tricky part is making
sure that the Counter class is available to the JSP, and that's
easy: just be sure the Counter class is in the WEB-INF/
classes directory of the web app. She accesses the JSP directly
in the browser at: http://localhost:8080/testJSP1/BasicCounter.jsp

What she expected:

BasicCounter.jsp: put the JSP in the root of this web app.

Counter class: put the package directory in the WEB-INF/classes
directory, and any part of this web app will be able to see it.


What she got:

HTTP Status 500

The server encountered an internal error () that prevented it from fulfilling this request.
org.apache.jasper.JasperException: Unable to compile class for JSP


An error oocurrcd at lino: t m the psp file: Basic Countcrjsp 
Generated seivtef error 
[javac| Compiling 1 souroe file 

Users.1iaihy, l Applicabons2' r iakarta-tomcat-5 01 S'work/Catalina.'locaJiost'tesU SP1 /org/ 
apachejspBasicCounler jsp java 45: cannol resolve symbol 
symbol variable Counter 

location class org apache jsp basicCounter jsp , 7 

out.pnntl Counter getCountl)), . £,sure out what * wvor^ 

* Can 70 “ 

1 error 

org.apachc jasper compiier.DcfaultEmxHandter.javacErrorlDefauttEmxHaridky java: 1271 

org apache jasper compiler EnorDispatcher |avacError|ErrorOtspatchei java 351) 

org apache jasper compiler Compiler generateClassiCompiler java 415) 

org apache jasper compiler Compiler compite<Compiler javo:458) 

org apache jasper compiler Compiler compile(Compiler java 439| 

org apache jasper JspCompilationConlejd complei JspCompiationContext java 553) 

org apache psper servlet JspServletWrapper servioelJspServMWrapper java 291) 

org apache jasper servlet JspServlet.serviceJspFiletJspSGrvlet.java 301) 

org apache jasper servtet JspServletservice! JspServlet java246) 

javax-servlet http HttpServlet servrce(HtlpServtet java 356) 
The JSP doesn't recognize the Counter class

The Counter class is in the foo package, but there's nothing in the JSP
to acknowledge that. It's the same thing that happens to you with any
other Java code, and you know the rule: import the package or use the
fully-qualified class name in your code.

I guess you have to use the
fully-qualified class name inside
JSPs. That makes sense, since
all JSPs are turned into plain old Java
servlet code by the Container. But
I sure wish you could put imports
into your JSP code...

Counter.java

package foo;

public class Counter {
    private static int count;
    public static int getCount() {
        count++;
        return count;
    }
}

JSP code was:

<% out.println(Counter.getCount()); %>

JSP code should be:

<% out.println(foo.Counter.getCount()); %>
Use the page directive to import packages

A directive is a way for you to give special instructions to the Container
at page translation time. Directives come in three flavors: page, include,
and taglib. We'll look at the include and taglib directives in later
chapters, but for now all we care about is the page directive, because it's
the one that lets you import.

To import a single package:

<%@ page import="foo.*" %>
<html>
<body>
The page count is:
<%
  out.println(Counter.getCount());
%>
</body>
</html>

This is a page directive with an import attribute.
(Notice there's no semicolon at the end of a directive.)

To import multiple packages:

<%@ page import="foo.*,java.util.*" %>

Use a comma to separate the packages. The quotes go around the entire list of packages.

Notice what's different between the Java code that prints the counter
and the page directive?

The Java code is between angle brackets with percent signs: <% and
%>. But the directive adds an additional character to the start of the
element: the @ sign!

If you see JSP code that starts with <%@, you know it's a directive. (We'll get
into more details about the page directive later in the book.)
But then Kim mentions "expressions"

Just when you thought it was safe, Kim notices the scriptlet
with an out.println() statement. This is JSP, folks. Part of the
whole point of JSP is to avoid println()! That's why there's a
JSP expression element: it automatically prints out whatever
you put between the tags.

Scriptlet code:

<%@ page import="foo.*" %>
<html>
<body>
The page count is:
<% out.println(Counter.getCount()); %>
</body>
</html>

Expression code:

<%@ page import="foo.*" %>
<html>
<body>
The page count is now:
<%= Counter.getCount() %>
</body>
</html>

The expression is shorter: we don't need to do the print.

Notice what's different between the tag for the scriptlet
code and the tag for the expression? The scriptlet code is
between angle brackets with percent signs: <% and %>.
But the expression adds an additional character to the start
of the element: an equals sign (=).

So far we've seen three different JSP element types:

Scriptlet:   <% %>

Directive:   <%@ %>

Expression:  <%= %>
HELLO! If you're gonna tell us
how to improve our code, you
could AT LEAST get the Java syntax
right... there's no frickin' semicolon
at the end of that expression!

<%= Counter.getCount() %>

Where's the semicolon?

Expressions become the argument
to an out.print()

In other words, the Container takes everything you type between
the <%= and %> and puts it in as the argument to a
statement that prints to the implicit response PrintWriter out.

When the Container sees this:

<%= Counter.getCount() %>

It turns it into this:

out.print(Counter.getCount());

If you did put a semicolon in your expression:

<%= Counter.getCount(); %>

That would be bad. It would mean this:

out.print(Counter.getCount(););

Yikes!! This will never compile.

NEVER end an expression with a semicolon!

<%= neverPutASemicolonInHere %>
<%= becauseThisIsAnArgumentToPrint() %>
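
The translation rule above, carried through for the three element types seen so far (directive, scriptlet, expression). This is an added example, not code from the book and not the Container's real generator: the class MiniJspTranslator, its method names and the sample page are made up for illustration, and only the import attribute of the page directive is modelled. It shows each element landing in the generated source, and why an expression ending in a semicolon produces a statement that cannot compile.

```java
import java.util.ArrayList;
import java.util.List;

/** Added illustration: a toy JSP-to-servlet translator. Not Tomcat/Jasper code. */
public class MiniJspTranslator {

    /** The two places a JSP element can land in this simplified model. */
    static final class Result {
        final List<String> imports = new ArrayList<>();     // from <%@ page import="..." %>
        final List<String> serviceBody = new ArrayList<>(); // statements inside _jspService()
    }

    static Result translate(String jsp) {
        Result r = new Result();
        int pos = 0;
        while (pos < jsp.length()) {
            int open = jsp.indexOf("<%", pos);
            if (open < 0) {                        // no more elements: the rest is template text
                emitTemplate(r, jsp.substring(pos));
                break;
            }
            emitTemplate(r, jsp.substring(pos, open));
            int close = jsp.indexOf("%>", open + 2);
            if (close < 0) {
                throw new IllegalArgumentException("unterminated <% element at offset " + open);
            }
            String inner = jsp.substring(open + 2, close);
            if (inner.startsWith("@")) {
                addImports(r, inner.substring(1).trim());
            } else if (inner.startsWith("=")) {
                // Expression: pasted verbatim as the ARGUMENT of out.print(...)
                r.serviceBody.add("out.print(" + inner.substring(1).trim() + ");");
            } else if (inner.startsWith("!") || inner.startsWith("--")) {
                throw new UnsupportedOperationException("element type not modelled: <%" + inner + "%>");
            } else {
                r.serviceBody.add(inner.trim());   // Scriptlet: pasted verbatim as statements
            }
            pos = close + 2;
        }
        return r;
    }

    /** Handles only the import attribute of the page directive. */
    private static void addImports(Result r, String directive) {
        String key = "import=\"";
        int attr = directive.indexOf(key);
        if (!directive.startsWith("page") || attr < 0) {
            return;                                // other directives/attributes are ignored here
        }
        int start = attr + key.length();
        int end = directive.indexOf('"', start);
        if (end < 0) {
            throw new IllegalArgumentException("unterminated import attribute: " + directive);
        }
        for (String pkg : directive.substring(start, end).split(",")) {
            r.imports.add("import " + pkg.trim() + ";");
        }
    }

    /** Template text becomes a string literal written to the response. */
    private static void emitTemplate(Result r, String text) {
        if (text.isEmpty()) {
            return;
        }
        String literal = text.replace("\\", "\\\\").replace("\"", "\\\"")
                             .replace("\r", "\\r").replace("\n", "\\n");
        r.serviceBody.add("out.write(\"" + literal + "\");");
    }

    static void print(String title, Result r) {
        System.out.println("// " + title);
        for (String line : r.imports) {
            System.out.println(line);
        }
        System.out.println("public void _jspService(...) {");
        for (String stmt : r.serviceBody) {
            System.out.println("    " + stmt);
        }
        System.out.println("}\n");
    }

    public static void main(String[] args) {
        // Constructed sample page using the three element types covered so far.
        String page = "<%@ page import=\"foo.*,java.util.*\" %>\n"
                + "<html><body>\n"
                + "The page count is:\n"
                + "<% String label = \"hits\"; %>\n"
                + "<%= Counter.getCount() %> <%= label %>\n"
                + "</body></html>\n";
        print("well-formed page", translate(page));

        // The same expression with a trailing semicolon: the output is not legal Java.
        print("expression ending in a semicolon", translate("<%= Counter.getCount(); %>"));
    }
}
```

The second listing it prints contains out.print(Counter.getCount(););, the statement the page warns will never compile.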
Q: Well, if you're supposed to use expressions
INSTEAD of putting out.println() into a scriptlet,
then why is the implicit "out" there?

A: You probably won't use the implicit out
variable from within your JSP page, but you might
pass it to something else... some other object that's
part of your app that does not have direct access to
the output stream for the response.

Q: In an expression, what happens if the
method doesn't return anything?

A: You'll get an error! You cannot, MUST
NOT use a method with a void return type as an
expression. The Container is smart enough to figure
out that there won't be anything to print if the
method has a void return type!

Q: Why does the import directive start with
the word "page"? Why is it <%@ page import... %>
instead of just <%@ import... %>?

A: Good question! Rather than having a whole
big pile of different directives, the JSP spec has just
three JSP directives, but the directives can have
attributes. What you called "the import directive" is
actually "the import attribute of the page directive".

Q: What are the other attributes for the page
directive?

A: Remember, the page directive is about
giving the Container information it needs when
translating your JSP into a servlet. The attributes we
care about (besides import) are session, contentType,
and isELIgnored (we'll come back to these
later in the chapter).


Sharpen your pencil

Decide which of the following expressions are and
are not valid, and why. We haven't covered every
example here, so make your best guess based
on what you know about how expressions work.
(Answers are later in this chapter, so do this NOW.)

Valid? (Check if valid, and if not, explain why not.)

□ <%= 27 %>

□ <%= ((Math.random() + 5)*2); %>

□ <%= "27" %>

□ <%= Math.random() %>

□ <%= String s = "foo" %>

_l <%= new Stnng|'f| %> 

□ <%= 42*20 %>

_J <%= 5 > (t %> 

□ <%= false %>


J new Counter %> 
Kim drops the final bombshell...

<html>
<body>
<% int count=0; %>
The page count is now:
<%= ++count %>
</body>
</html>

Will it compile?
Will it work?
Declaring a variable in a scriptlet

The variable declaration is legal, but it didn't quite work
the way Pauline hoped.

What she tried:

<html>
<body>
<% int count=0; %>
The page count is now:
<%= ++count %>
</body>
</html>

<% int count=0; %> : Declare the count variable.
<%= ++count %> : Increment the count variable and print the value.

What she got the first time she hit the page:

What she got the second, third, and every other
time she hit the page:
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What REALLY happens to your JSP code? 

You write a JSP, but it becomes a servlet. The only way to really tell
what's happening is to look at what the Container does to your JSP
code. In other words, how does the Container translate your JSP into
a servlet?

Once you know where different JSP elements land in the servlet's
class file, you'll find it much easier to know how to structure your JSP.

The servlet code on this page is not the real code generated by
the Container; we simplified it down to the essential parts. The
Container-generated servlet file is, well, uglier. The real generated
servlet source code is slightly harder to read, but we will look at the
real thing in a few pages. For now, though, all we care about is where
in the servlet class our JSP code actually ends up.

This JSP:

<html><body>
<% int count=0; %>
The page count is now:
<%= ++count %>
</body></html>

Becomes this servlet:

public class basicCounter_jsp extends SomeSpecialHttpServlet {

  public void _jspService(HttpServletRequest request,
        HttpServletResponse response) throws java.io.IOException,
        ServletException {

    PrintWriter out = response.getWriter();
    response.setContentType("text/html");
    out.write("<html><body>");

    int count=0;

    out.write("The page count is now:");

    out.print( ++count );

    out.write("</body></html>");
  }
}

ALL scriptlet and expression code lands in a service method.

That means variables declared in a scriptlet are always LOCAL variables!

Note: if you want to see the generated servlet code from Tomcat, look in
yourTomcatHomeDir/work/Catalina/yourServerName/yourWebAppName/org/apache/jsp
(The underlined names will change depending on your system and your web app.)

JSP declarations


Don't tell me—there must be another kind of JSP element for declaring
instance variables instead of local variables...

We need another JSP element...

Declaring the count variable in a scriptlet meant that the variable
was reinitialized each time the service method ran. Which means it
was reset to 0 with each request. We need to somehow make count an
instance variable.

So far we've looked at directives, scriptlets, and expressions.
Directives are for special instructions to the Container, scriptlets
are just plain old Java that lands as-is within the generated
servlet's service method, and the result of an expression always
becomes the argument to a print() method.

But there's another JSP element called a declaration.

<%! int count=0; %>

JSP declarations are for declaring members of the generated servlet
class. That means both variables and methods! In other words,
anything between the <%! and %> tag is added to the class outside the
service method. That means you can declare both static variables and
methods.

JSP Declarations


A JSP declaration is always defined inside the class but outside the
service (or any other) method. It's that simple: declarations are for
static and instance variables and methods. (In theory, yes, you could
define other members including inner classes, but 99.9999% of the time
you'll use declarations for methods and variables.) The code below
solves Pauline's problem; now the counter keeps incrementing each
time a client requests the page.

Variable Declaration

This JSP:

<html><body>
<%! int count=0; %>
The page count is now:
<%= ++count %>
</body></html>

Becomes this servlet:

public class basicCounter_jsp extends SomeSpecialHttpServlet {

  int count=0;   // an instance variable this time, not a local variable

  public void _jspService(HttpServletRequest request,
        HttpServletResponse response) throws java.io.IOException {

    PrintWriter out = response.getWriter();
    response.setContentType("text/html");
    out.write("<html><body>");
    out.write("The page count is now:");
    out.print( ++count );
    out.write("</body></html>");
  }
}

Method Declaration

This JSP:

<html>
<body>
<%! int doubleCount() {
      count = count*2;
      return count;
    }
%>
<%! int count=1; %>
The page count is now:
<%= doubleCount() %>
</body>
</html>

Becomes this servlet:

public class basicCounter_jsp extends SomeSpecialHttpServlet {

  // The method goes in just the way you typed it in your JSP.
  int doubleCount() {
    count = count*2;
    return count;
  }

  // It's Java, so no problem with forward-referencing
  // (declaring the variable AFTER you used it in a method).
  int count=1;

  public void _jspService(HttpServletRequest request,
        HttpServletResponse response) throws java.io.IOException {

    PrintWriter out = response.getWriter();
    response.setContentType("text/html");
    out.write("<html><body>");
    out.write("The page count is now:");
    out.print( doubleCount() );
    out.write("</body></html>");
  }
}

the generated servlet


Time to see the REAL generated servlet

We've been looking at a super-simplified version of the servlet the
Container actually creates from your JSP. There's no need to look at
the Container-generated code during development, but you can use
it to help learn. Once you've seen what the Container does with the
different elements of a JSP, you shouldn't need to ever look at the
Container-generated .java source files. Some vendors won't let you see
the generated Java source, and keep only the compiled .class files.

Don't be intimidated when you see parts of the API that you don't
recognize. Most of the class and interface types are vendor-specific
implementations you shouldn't care about.


What the Container does with your JSP

► Looks at the directives, for information it might need during translation.

► Creates an HttpServlet subclass.
  For Tomcat 5, the generated servlet extends:
  org.apache.jasper.runtime.HttpJspBase

► If there's a page directive with an import attribute, it writes the import
  statements at the top of the class file, just below the package statement.
  For Tomcat 5, the package statement (which you don't care about) is:
  package org.apache.jsp;

► If there are declarations, it writes them into the class file, usually just
  below the class declaration and before the service method. Tomcat 5
  declares one static variable and one instance method of its own.

► Builds the service method. The service method's actual name is
  _jspService(). It's called by the servlet superclass' overridden
  service() method, and receives the HttpServletRequest and
  HttpServletResponse. As part of building this method, the Container
  declares and initializes all the implicit objects. (You'll see more
  implicit objects when you turn the page.)

► Combines the plain old HTML (called template text), scriptlets, and
  expressions into the service method, formatting everything and writing
  it to the PrintWriter response output.


There's little on the exam about the generated class.

We've been showing generated code so that you can understand how the
JSP is translated into servlet code. But you don't need to know the
details about how a particular vendor does it, or what the generated
code actually looks like. All you need to know is the behavior of
each element type (scriptlet, directive, declaration, etc.) in terms
of how that element works inside the generated servlet. You need to
know, for example, that your scriptlet can use implicit objects, and
you need to know the Servlet API type of the implicit objects. But
you do NOT need to know the code used to make those objects available.

The only other thing you need to know about the generated code are
the three JSP lifecycle methods: jspInit(), jspDestroy(), and
_jspService(). (They're covered later in this chapter.)

Tomcat 5 generated class

This JSP:

<html><body>
<%! int count=0; %>
The page count is now:
<%= ++count %>
</body></html>

Becomes this servlet:

package org.apache.jsp;

import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.jsp.*;

public final class BasicCounter_jsp extends org.apache.jasper.runtime.HttpJspBase
    implements org.apache.jasper.runtime.JspSourceDependent {

  int count=0;

  private static java.util.Vector _jspx_dependants;

  public java.util.List getDependants() {
    return _jspx_dependants;
  }

  public void _jspService(HttpServletRequest request, HttpServletResponse response)
        throws java.io.IOException, ServletException {

    // The Container declares a bunch of its own local variables, including
    // those that represent the implicit objects your code might need, like
    // out and request.
    JspFactory _jspxFactory = null;
    PageContext pageContext = null;
    HttpSession session = null;
    ServletContext application = null;
    ServletConfig config = null;
    JspWriter out = null;
    Object page = this;
    JspWriter _jspx_out = null;
    PageContext _jspx_page_context = null;

    try {
      _jspxFactory = JspFactory.getDefaultFactory();
      response.setContentType("text/html");
      pageContext = _jspxFactory.getPageContext(this, request, response,
                  null, true, 8192, true);
      _jspx_page_context = pageContext;
      application = pageContext.getServletContext();
      config = pageContext.getServletConfig();
      session = pageContext.getSession();
      out = pageContext.getOut();
      _jspx_out = out;

      // And it tries to run and output your JSP HTML, scriptlet, and
      // expression code.
      out.write("\r<html>\r<body>\r");
      out.write("\rThe page count is now: \r");
      out.print( ++count );
      out.write("\r</body>\r</html>\r");

    } catch (Throwable t) {
      // Of course things might go wrong...
      if (!(t instanceof SkipPageException)){
        out = _jspx_out;
        if (out != null && out.getBufferSize() != 0)
          out.clearBuffer();
        if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);
      }
    } finally {
      if (_jspxFactory != null) _jspxFactory.releasePageContext(_jspx_page_context);
    }
  }
}

JSP implicit objects


The out variable isn't the only implicit object...

When a Container translates the JSP into a servlet, the beginning of the
service method is a pile of implicit object declarations and assignments.

With implicit objects, you can write a JSP knowing that your code is going
to be part of a servlet. In other words, you can take advantage of your
servletness, even though you're not directly writing a servlet class yourself.

Think back to chapters 4, 5, and 6. What were some of the important objects
you used? How did your servlet get servlet init parameters? How did your
servlet get context init parameters? How did your servlet get a session? How
did your servlet get the parameters submitted by the client in a form?

These are just a few of the reasons your JSP might need to use some of what's
available to a servlet. All of the implicit objects map to something from the
Servlet/JSP API. The request implicit object, for example, is a reference to the
HttpServletRequest object passed to the service method by the Container.


API                      Implicit Object

JspWriter                out
HttpServletRequest       request
HttpServletResponse      response
HttpSession              session
ServletContext           application
ServletConfig            config
Throwable                exception
PageContext              pageContext
Object                   page

A PageContext encapsulates other implicit objects, so a helper that is
given a PageContext reference can use that reference to get the OTHER
implicit objects and attributes from all scopes.


Q: What's the difference between a JspWriter and a PrintWriter I get from
an HttpServletResponse?

A: The JspWriter is not in the class hierarchy of PrintWriter, so you can't use it
in place of a PrintWriter. But it has most of the same print methods, except it adds
some buffering capabilities.

Exercise


BE the Container

Each of the listings is a JSP. Your job is to figure out what happens
when the Container tries to turn it into a servlet. Will the Container
be able to translate it into legal, compilable code? If so, what
happens when a client accesses the JSP?

1.

<html><body>
Test scriptlets...
<% int y=5+x; %>
<% int x=2; %>
</body></html>

2.

<%@ page import="java.util.*" %>
<html><body>
Test scriptlets...
<% ArrayList list = new ArrayList();
   list.add(new String("foo"));
%>
<%= list.get(0) %>
</body></html>

3.

<html><body>
Test scriptlets...
<%! int x = 42; %>
<% int x = 22; %>
<%= x %>
</body></html>

using JSP

JSP exercise



Mock Exam Magnets

Study the scenario (and everything else on this page), then place the
magnets on the JSP to make a legal file that would produce the correct
result. You don't have to use any magnet more than once, and you
won't use all of the magnets. This exercise assumes there's a servlet
(which you don't need to see) that takes the initial request, binds an
attribute into the request scope, and forwards to the JSP you're creating.

(Note: we called this "Mock Exam Magnets" instead of "Code Magnets" because
the exam is FULL of Drag and Drop questions like this one.)


Design Goal

Create a JSP that will produce this:

The text "extreme knitting" comes from a form request parameter. You'll
need to get that parameter from your JSP. A servlet will get the request
first (and then forward the request to your JSP), but that doesn't change
the way you get the parameter in your JSP.

The three names come from an ArrayList request attribute called "names".
You'll need to get the attribute from the request object. Assume a
servlet got this request and set an attribute in request scope.


The HTML form

<html><body>
<form method="POST"
      action="HobbyPage">
  Choose a hobby:<p>
  <select name="hobby" size="1">
    <option>horse skiing
    <option>extreme knitting
    <option>alpine scuba
    <option>speed dating
  </select>
  <br><br>
  <center>
    <input type="SUBMIT">
  </center>
</form>
</body></html>


Important tips and clues

► The request attribute is of type java.util.ArrayList.

► The implicit variable for the HttpServletRequest object is named
  request, and you can use it within scriptlets or expressions, but not
  within directives or declarations. Whatever you can do with a request
  object in a servlet, you can do inside your JSP.

► A JSP's servlet method can process request parameters, because
  remember, your code is going to be inside a servlet's service method.
  You don't have to worry about which of the HTTP methods (GET or POST)
  was used in the request.


We've put a few lines in for you. The code you put in this JSP
MUST work with the code that's already here. When you're
done, it should be compilable and produce the result on the
opposite page (you must ASSUME that there's already a working
servlet that first gets the request, sets the request attribute
"names", and forwards the request to this JSP).


The friends who share your hobby of

exercise answers


BE the Container

#2 is straightforward and works. #1 is a fundamental Java
language issue (using a local variable before it's declared), and
#3 also demonstrates a fundamental Java language issue—what
happens when you have an instance and local variable with the
same name. So you see... if you translate the JSP code into
servlet Java code, you'll have no trouble figuring out the result.
Once your JSP stuff is inside a servlet, it's just Java.

1.

<html><body>
Test scriptlets...
<% int y=5+x; %>
<% int x=2; %>
</body></html>

This won't compile! It's exactly like writing a method with:

void foo() {
  int y = 5 + x;
  int x = 2;
}

You're trying to use variable "x" BEFORE it's defined. The Java
language doesn't allow that, and the Container won't bother to rearrange
the order of your scriptlet code.

2.

<%@ page import="java.util.*" %>
<html><body>
Test scriptlets...
<% ArrayList list = new ArrayList();
   list.add(new String("foo"));
%>
<%= list.get(0) %>
</body></html>

Prints: Test scriptlets... foo

No problems; prints the first (and only) object in the ArrayList.

3.

Prints: Test scriptlets... 22

Code Magnets Answers


If your answer looks a little different but you still think it should
work—try it! You'll have to make the servlet that takes the form
request, sets an attribute, and forwards (dispatches) the request to
the JSP.

<html><body>

(You need the import page directive because of ArrayList and Iterator.)

The friends who share your hobby of

(Use an expression.)

<br>

<% } %>     (Finish the while loop block! If you forget this, it won't compile.)

</body></html>
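An expression that prints a request parameter, such as the hobby in this exercise, hands the raw string to a print() call, and the client is not limited to the four options in the form. The following is an added example, not the book's answer to the exercise: a plain-Java stand-in for the service method (the names HobbyPageEncodingDemo, escapeHtml and renderPage, the "are:" wording and the sample names are assumptions) that renders the page with and without HTML encoding.

```java
import java.util.Arrays;
import java.util.List;

/**
 * Added illustration: what the template text, the scriptlet loop and the
 * expressions of the hobby page add up to inside a service method.
 * No servlet API is used; renderPage() stands in for _jspService().
 */
public class HobbyPageEncodingDemo {

    /** Encodes the characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * hobbyParam plays the role of request.getParameter("hobby") and names
     * the role of the "names" request attribute. With encode == false the
     * values are printed exactly as an expression would print them.
     */
    static String renderPage(String hobbyParam, List<String> names, boolean encode) {
        StringBuilder out = new StringBuilder();
        out.append("<html><body>\n");
        out.append("The friends who share your hobby of ");
        out.append(encode ? escapeHtml(hobbyParam) : String.valueOf(hobbyParam));
        out.append(" are:<br>\n");
        for (String name : names) {
            out.append(encode ? escapeHtml(name) : String.valueOf(name));
            out.append("<br>\n");
        }
        out.append("</body></html>\n");
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data; the real names come from the forwarding servlet.
        List<String> names = Arrays.asList("name one", "name two", "name three");

        // A value chosen from the form's <select> list.
        System.out.println(renderPage("extreme knitting", names, false));

        // Constructed value that did not come from the <select> list: the
        // markup reaches the browser as markup unless it is encoded first.
        String typedByClient = "<b>extreme</b> knitting";
        System.out.println(renderPage(typedByClient, names, false));
        System.out.println(renderPage(typedByClient, names, true));
    }
}
```

In a JSP, a helper like escapeHtml() can live in a declaration and be called from the expression that prints the parameter.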
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valid and invalid expressions 


A comment...

Yes, you can put comments in your JSP. If you're a Java programmer
with very little HTML experience, you might find yourself typing:

// this is a comment

without thinking twice. But if you do, then unless it's within a
scriptlet or declaration tag, you'll end up DISPLAYING that to the
client as part of the response. In other words, to the Container,
those two slashes are just more template text, like "Hello" or
"Email is:".

You can put two different types of comments in a JSP:

► <!-- HTML comment -->

  The Container just passes this straight on to the client, where the
  browser interprets it as a comment.

► <%-- JSP comment --%>

  These are for the page developers, and just like Java comments in a
  Java source file, they're stripped out of the translated page. If
  you're typing a JSP and want to put in comments about what you're
  doing, the way you'd use comments in a Java source file, use a JSP
  comment. If you want comments to stay as part of the HTML response
  to the client (although the browser will hide them from the client's
  view), use an HTML comment.


Sharpen your pencil ANSWERS

Valid and Invalid Expressions

Valid?

[x] <%= 27 %>
    All primitive literals are fine.

[ ] <%= ((Math.random() + 5)*2); %>
    NO! The semicolon can't be here.

[x] <%= "27" %>
    String literal is fine.

[x] <%= Math.random() %>
    Yes, the method returns a double.

[ ] <%= String s = "foo" %>
    NO! You can't have a variable declaration here.

[x] <%= new String[3][2] %>
    Yes, because the new String array is an object, and ANY
    object can be sent to a println() statement.

[ ] <% = 42*20 %>
    NO! The arithmetic is fine, but there's a space between
    the % and the =. It can't be <% = it must be <%=

[x] <%= 5 > 3 %>
    Sure, this resolves to a boolean, so it prints 'true'.

[x] <%= false %>
    We already said primitive literals are fine.

[x] <%= new Counter() %>
    No problem. This is just like the String[]... it prints
    the result of the object's toString() method.

API for the generated servlet

The Container generates a class from your JSP that implements the
HttpJspPage interface. This is the only part of the generated
servlet's API that you need to know. You don't care that in Tomcat,
for example, your generated servlet extends:

org.apache.jasper.runtime.HttpJspBase

All you need to know about are the three key methods:

► jspInit()

  This method is called from the init() method.
  You can override this method. (Can you figure out how?)

► jspDestroy()

  This method is called from the servlet's destroy() method.
  You can override this method as well.

► _jspService()

  This method is called from the servlet's service() method,
  which means it runs in a separate thread for each request.
  The Container passes the Request and Response objects to
  this method.

  You can't override this method! You can't do ANYTHING with
  this method yourself (except write code that goes inside it),
  and it's up to the Container vendor to take your JSP code
  and fashion the _jspService() method that uses it.


Note the underscore at the front of the _jspService() method

It's NOT in front of the other two methods, jspInit() and
jspDestroy(). Think of it this way: the underscore in front of the
method means "don't touch!"

So, no underscore in front of the name means you can override. But if
there IS an underscore in front of the method name, you must NOT try
to override it!
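A variable declared with <%! int count=0; %> is a field of the generated servlet, and _jspService() runs in a separate thread for each request, so ++count on that field is an unsynchronized read-modify-write that concurrent requests can interleave. The following is an added example, not Container-generated code or code from the book: it models the generated servlet as a plain Java class (DeclaredCounterDemo, PlainFieldPage, AtomicFieldPage and hammer() are hypothetical names) and compares the plain int field with an AtomicInteger field under concurrent requests.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Added illustration: plain-Java stand-ins for the servlet produced from
 *   <%! int count=0; %> ... <%= ++count %>
 * service() plays the role of _jspService(); no servlet API is needed.
 */
public class DeclaredCounterDemo {

    /** The part of the generated servlet that matters here (hypothetical interface). */
    interface CounterPage {
        int service();   // value the page would print for one request
        int current();   // counter value after the run
    }

    /** Same shape as the page's servlet: the declaration became a plain int field. */
    static class PlainFieldPage implements CounterPage {
        int count = 0;
        public int service() { return ++count; }   // read, add, write: three steps
        public int current() { return count; }
    }

    /** Hardened variant: the declaration holds an AtomicInteger instead. */
    static class AtomicFieldPage implements CounterPage {
        final AtomicInteger count = new AtomicInteger();
        public int service() { return count.incrementAndGet(); }   // one atomic step
        public int current() { return count.get(); }
    }

    /**
     * Sends requestsPerClient requests from each of `clients` threads to ONE
     * page instance, the way request threads share one servlet object.
     * Returns the counter value once every thread has finished.
     */
    static int hammer(CounterPage page, int clients, int requestsPerClient)
            throws InterruptedException {
        CountDownLatch startGate = new CountDownLatch(1);
        Thread[] workers = new Thread[clients];
        for (int i = 0; i < clients; i++) {
            workers[i] = new Thread(() -> {
                try {
                    startGate.await();               // release all clients together
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    return;
                }
                for (int r = 0; r < requestsPerClient; r++) {
                    page.service();
                }
            });
            workers[i].start();
        }
        startGate.countDown();
        for (Thread w : workers) {
            w.join();                                // join() makes the final value visible
        }
        return page.current();
    }

    public static void main(String[] args) throws InterruptedException {
        int clients = 8;
        int requestsPerClient = 100_000;
        int expected = clients * requestsPerClient;

        int plain = hammer(new PlainFieldPage(), clients, requestsPerClient);
        int atomic = hammer(new AtomicFieldPage(), clients, requestsPerClient);

        System.out.println("requests served         : " + expected);
        System.out.println("plain int field counted : " + plain
                + (plain < expected ? "  (updates lost)" : "  (no loss observed this run)"));
        System.out.println("AtomicInteger counted   : " + atomic);
    }
}
```

The plain-field result varies from run to run; the AtomicInteger result always equals the number of requests served.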
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JSP lifecycle 


Lifecycle of a JSP

You write the .jsp file.

The Container writes the .java file for the servlet your JSP becomes.


1. Kim writes a .jsp file, and deploys it as part of a web app.

   The Container "reads" the web.xml (DD) for this app, but doesn't do
   anything else with the .jsp file (until the first time it's requested).

2. The client hits a link that asks for the .jsp.

   The Container tries to TRANSLATE the .jsp into .java source code
   for a servlet class.

3. The Container tries to COMPILE the servlet .java source into a
   .class file.

[Figure: inside the Web Container, MyJSP.jsp is translated into MyJSP_jsp.java, which is compiled into MyJSP_jsp.class]

JSP lifecycle continued...


4. The Container LOADS the newly-generated servlet class.

5. The Container instantiates the servlet and causes the servlet's
   jspInit() method to run.

   The object is now a full-fledged servlet, ready to accept client
   requests.

6. The Container creates a new thread to handle this client's request,
   and the servlet's _jspService() method runs.

   Everything that happens after this is just plain old servlet
   request-handling.

Eventually the servlet sends a response back to the client (or
forwards the request to another web app component).

translation and compilation


Wow, I am truly impressed. I would never have guessed that they could
make requesting a JSP take just as much overhead as calling a method
on an EJB. I'm thinking the client has to wait, what, five minutes for
all that translating, compiling, and initializing?


Translation and compilation happens only ONCE

When you deploy a web app with a JSP, the whole translation and
compilation step happens only once in the JSP's life. Once it's been
translated and compiled, it's just like any other servlet. And just
like any other servlet, once that servlet has been loaded and
initialized, the only thing that happens at request time is creation
or allocation of a thread for the service method. So the picture on
the previous two pages is for only the first request.

Q: OK, so that means only the first client to ask for the JSP takes
the big hit. But there MUST be a way to configure the server to
pre-translate and compile... right?

A: Although it's only the first client that has to wait, most
Container vendors DO give you a way to ask for the whole
translation/compilation thing to happen in advance, so that even the
first request happens like any other servlet request.

But watch out: it's vendor-dependent and not guaranteed. There IS a
mention in the JSP spec (JSP 11.4.2) of a suggested protocol for JSP
precompilation. You make a request for the JSP, appending a query
string "?jsp_precompile", and the Container might (if it chooses) do
the translation/compilation right then instead of waiting for the
first real request.


If the JSP turns into a servlet, I wonder if I can configure servlet
init parameters... and while I'm at it, I wonder if I can override the
servlet's init() method...




Sharpen your pencil

Think about these questions. Flip back through earlier pages (and
chapters) if you need to, but don't turn the page until you've done
this.

Yes, you CAN get servlet init parameters from a JSP; the questions are:

1) How would you retrieve them in your code? (Big huge gravel-hauling
   hint: pretty close to the same way you retrieve them in a "normal"
   servlet. From which object do you normally get servlet init
   parameters? Is that object available to your JSP code?)

2) How/where would you configure the servlet init parameters?

3) Suppose you do want to override the init() method; how would you do
   it? Is there something else you can do that'll give you the same
   result?

Initializing your JSP

You can do servlet initialization stuff in your JSP, but it's slightly
different from what you do in a regular servlet.


Configuring servlet init parameters

You configure servlet init params for your JSP virtually the same way you
configure them for a normal servlet. The only difference is that you have
to add a <jsp-file> element within the <servlet> tag.

<web-app ...>

  <servlet>
    <servlet-name>MyTestInit</servlet-name>
    <jsp-file>/TestInit.jsp</jsp-file>
    <init-param>
      <param-name>email</param-name>
      <param-value>jkickedbutt@wickedlysmart.com</param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>MyTestInit</servlet-name>
    <url-pattern>/TestInit.jsp</url-pattern>
  </servlet-mapping>

</web-app>

(The <jsp-file> line is the only one that's different. When you define
a servlet for a JSP, you must also define a servlet mapping to the JSP
page.)


Overriding jspInit()

Yes, it's that simple. If you implement a jspInit() method, the Container calls
this method at the beginning of this page's life as a servlet. It's called from the
servlet's init() method, so by the time this method runs there is a ServletConfig and
ServletContext available to the servlet. That means you can call getServletConfig()
and getServletContext() from within the jspInit() method.

This example uses the jspInit() method to retrieve a servlet init parameter
(configured in the DD), and uses the value to set an application-scoped attribute.

<%!
  public void jspInit() {

    // Call your getServletConfig() method, EXACTLY what you'd do in a
    // normal servlet.
    ServletConfig sConfig = getServletConfig();
    String emailAddr = sConfig.getInitParameter("email");

    // Get a reference to the ServletContext and set an
    // application-scope attribute.
    ServletContext ctx = getServletContext();
    ctx.setAttribute("mail", emailAddr);
  }
%>

Attributes in a JSP

The example on the opposite page shows the JSP setting an application-scoped
attribute using a method declaration that overrides jspInit(). But most of the
time you'll be using one of the four implicit objects to get and set attributes
corresponding to the four attribute scopes available in a JSP.

Yes, four. Remember, in addition to the standard servlet request, session, and
application (context) scopes, a JSP adds a fourth scope, page scope, that you get
from a pageContext object.

You usually won't need (or care about) page scope unless you're developing
custom tags, so we won't say any more about it until the custom tags chapter.


              In a servlet                                        In a JSP (using implicit objects)

Application   getServletContext().setAttribute("foo", barObj);    application.setAttribute("foo", barObj);

Request       request.setAttribute("foo", barObj);                request.setAttribute("foo", barObj);

Session       request.getSession().setAttribute("foo", barObj);   session.setAttribute("foo", barObj);

Page          Does not apply!                                     pageContext.setAttribute("foo", barObj);


But this isn't the whole story! In a JSP, there's another way to get and
set attributes at any scope, using only the pageContext implicit object.
Turn the page and find out how...


No! There's no such thing as "context" scope, even though attributes
in application scope are bound to the ServletContext object.

The naming convention might trick you into thinking that attributes
stored in the ServletContext are in context scope. There's no such thing.

Using PageContext for attributes

You can use a PageContext reference to get attributes from any scope,
including the page scope for attributes bound to the PageContext.

The methods that work with other scopes take an int argument to
indicate the scope. Although the attribute access methods come from
JspContext, you'll find the constants for the scopes inside the
PageContext class.


JspContext

  (methods that work with ANY scope)
  getAttribute(String name)
  getAttribute(String name, int scope)
  getAttributeNamesInScope(int scope)
  findAttribute(String name)
  // more methods, including similar methods to
  // set and remove attributes from any scope


PageContext

  (fields)
  APPLICATION_SCOPE
  PAGE_SCOPE
  REQUEST_SCOPE
  SESSION_SCOPE
  // more fields

  (methods)
  getRequest()
  getServletConfig()
  getServletContext()
  getSession()
  // more methods

Examples using pageContext to get and set attributes

Setting a page-scoped attribute

<% Float one = new Float(42.5); %>
<% pageContext.setAttribute("foo", one); %>


Getting a page-scoped attribute

<%= pageContext.getAttribute("foo") %>


pageContext getAttribute(String) is for page scope

There are TWO overloaded getAttribute() methods you can call on
pageContext: a one-arg that takes a String, and a two-arg that takes a
String and an int. The one-arg version works just like all the others;
it's for attributes bound TO the pageContext object. But the two-arg
version can be used to get an attribute from ANY of the four scopes.


Using the pageContext to set a session-scoped attribute

<% Float two = new Float(22.4); %>
<% pageContext.setAttribute("foo", two, PageContext.SESSION_SCOPE); %>


Using the pageContext to get a session-scoped attribute

<%= pageContext.getAttribute("foo", PageContext.SESSION_SCOPE) %>

(Which is identical to: <%= session.getAttribute("foo") %>)


Using the pageContext to get an application-scoped attribute

Email is:
<%= pageContext.getAttribute("mail", PageContext.APPLICATION_SCOPE) %>

Within a JSP, the code above is identical to:

Email is:
<%= application.getAttribute("mail") %>


Using the pageContext to find an attribute when you don't know the scope

<%= pageContext.findAttribute("foo") %>

Where does the findAttribute() method look? It looks first in the page context, so if
there's a "foo" attribute with page context scope, then calling findAttribute(String name)
on a PageContext works just like calling getAttribute(String name) on a PageContext. But
if there's no "foo" attribute, the method starts looking in other scopes, from most
restricted to least restricted scope. In other words, first request scope, then session,
then finally application scope. The first one it finds with that name wins.

While we're on the subject... let's talk more about the three directives

We already looked at the directive used for getting import statements into
the generated servlet class made from your JSP. That was a page directive
(one of the three directive types) with an import attribute (one of 13
attributes of the page directive). We'll take a quick look now at the others,
although some won't be covered in detail until later chapters, and some
won't be covered in detail at all in this book, because they're rarely used.

(1) The page directive

<%@ page import="foo.*" session="false" %>

Defines page-specific properties such as character encoding, the
content type for this page's response, and whether this page should
have the implicit session object. A page directive can use up to
thirteen different attributes (like the import attribute), although only
four attributes are covered on the exam.

(2) The taglib directive

<%@ taglib tagdir="/WEB-INF/tags/cool" prefix="cool" %>

Defines tag libraries available to the JSP. We haven't talked about
using custom tags and standard actions yet, so this might not make
any sense at this point. Just go with it for now...we have two whole
chapters on tag libraries coming up soon.


(3) The include directive

<%@ include file="..." %>

Defines text and code that gets added into the current page
at translation time. This lets you build reusable chunks (like a
standard page heading or navigation bar) that can be added to
each page without having to duplicate all that code in each JSP.


Q:

I'm confused... this page heading says , "while we're on the subject..." 
but I don’t see how directives have anything to do with pageContext and 
attributes. 


A: 

They don't, not really. We just said that to cover a bad pathetic
nonexistent transition between two unrelated topics. We hoped nobody would 
notice, but NO...you just couldn't let it go, could you? 
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Attributes to the page directive 

Of the 13 page directive attributes in the JSP 2.0 spec, only four are covered on the
exam. You do NOT have to memorize the entire list; just get a feel for what you can do.
(We'll look at isELIgnored and the two error-related attributes in later chapters.)


POSSIBLY on the exam

import
    Defines the Java import statements that'll be added to the generated servlet class. You get some
    imports for free (by default): java.lang (duh), javax.servlet, javax.servlet.http, and javax.servlet.jsp.

isThreadSafe
    Defines whether the generated servlet needs to implement the SingleThreadModel, which, as you
    know, is a Spectacularly Bad Thing. The default value is "true", which means "My app is thread
    safe, so I do NOT need to implement SingleThreadModel, which I know is inherently evil." The only
    reason to specify this attribute is if you need to set the attribute value to "false", which means that
    you want the generated servlet to use the SingleThreadModel, but you never will.

contentType
    Defines the MIME type (and optional character encoding) for the JSP response. You know the default.

isELIgnored
    Defines whether EL expressions are ignored when this page is translated. We haven't talked about
    EL yet; that's coming in the next chapter. For now, just know that you might choose to ignore EL
    syntax in your page, and this is one of the two ways you can tell the Container.

isErrorPage
    Defines whether the current page represents another JSP's error page. The default value is "false",
    but if it's true, the page has access to the implicit exception object (which is a reference to the
    offending Throwable). If false, the implicit exception object is not available to the JSP.

errorPage
    Defines a URL to the resource to which uncaught Throwables should be sent. If you define a JSP
    here, then that JSP will have an isErrorPage="true" attribute in its page directive.


NOT on the exam

language
    Defines the scripting language used in scriptlets, expressions, and declarations. Right now the only
    possible value is "java", but the attribute is here because isn't it just like those spec developers to be
    thinking of the future when other languages might be used.

extends
    Defines the superclass of the class this JSP will become. You won't use this unless you REALLY
    know what you're doing; it overrides the class hierarchy provided by the Container.

session
    Defines whether the page will have an implicit session object. The default value is "true".

buffer
    Defines how buffering is handled by the implicit out object (reference to the JspWriter).

autoFlush
    Defines whether the buffered output is flushed automatically. The default value is "true".

info
    Defines a String that gets put into the translated page, just so that you can get it using the generated
    servlet's inherited getServletInfo() method.

pageEncoding
    Defines the character encoding for the JSP. The default is "ISO-8859-1" (unless the contentType
    attribute already defines a character encoding or the page uses XML Document syntax).
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Interoffice Memo from the CTO 


URGENT 

Effective immediately, anyone caught 
using scriptlets, expressions, or 
declarations in their JSP code will be 
suspended without pay until such time 
as it can be determined whether the 
programmer was fully responsible or 
simply trying to maintain some OTHER 
idiot's code. 

If, in fact, the determination is 
made that the programmer is, in fact, 
responsible, the company will go ahead
and, in fact, terminate the employee.


Rick Forester

Chief Technology Officer


"Remember: there is no "I" in TEAM."


"Write your code as if the next guy*
to maintain it is a homicidal maniac
who knows where you live."

[*Note to HR: we use "guy" in its
non-gender-specific form.]
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Scriptlets considered harmful? 

Is it true? Could there be a downside to putting all this Java into your JSP? After
all, isn't that the whole friggin' POINT to a JSP? So that you write your Java in
what is essentially an HTML page as opposed to writing HTML in a Java class?

Some people believe (OK, technically a lot of people, including the JSP and
Servlet spec teams) that it's bad practice to put all this Java into your JSP.

Why? Imagine you've been hired to build a big web site. Your team includes
a small handful of back-end Java programmers, and a huge group of "web
designers": graphic artists and page creators who use Dreamweaver and
Photoshop to build fabulous-looking web pages. These are not programmers
(well, except for the ones who still think HTML is "coding").



Aspiring actors working as web designers
while waiting for their big showbiz break
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scripting is out there 




Two questions—WHY are 
you making us learn it, and WHAT is 
the alternative? What the f*** else 
IS there besides HTML if you can't 
put scriptlets, declarations, and 
expressions in your JSP? 



There didn't used to BE an alternative.

That means there are already mountains of JSP files brimming with
Java code stuck in every conceivable spot in the page, nestled
between scriptlet, expression, and declaration tags. It's out there
and there isn't anything anyone can do to change the past. So
that means you've got to know how to read and understand these
elements, and how to maintain pages written with them (unless
you're given the chance to massively refactor the app's JSPs).

Secretly, we think there's still a place for some of this: nothing
beats a little Java in a JSP for quickly testing something out on your
server. But for the most part, you don't want to use this for real,
production pages.

The reason this is all on the exam is because the alternatives are still
fairly new, so most of the pages out there today are still "old-school".
For the time being, you still have to be able to work with it! At
some point, when the new Java-free techniques hit critical mass, the
objectives from this chapter will probably drop off the exam, and
we'll all breathe a collective sigh at the death of Java-in-JSPs.


But today is not that day.


(Note to parents and teachers: the four-letter
word implied in this thought bubble that
starts with "f" followed by three asterisks
is NOT what you think. It was just a word
that we found too funny to include without
distracting the reader, so we bleeped it out.
Because it's funny. Not bad.)
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EL: the answer to, well, everything. 

Or almost everything. But certainly an answer to two big
complaints about putting actual Java into a JSP: 

1) Web page designers shouldn’t have to know Java. 

2) Java code in a JSP is hard to change and maintain. 

EL stands for "Expression Language", and it became officially
part of the spec beginning with the JSP 2.0 spec. EL is nearly
always a much simpler way to do some of the things you'd
normally do with scriptlets and expressions.

Of course right now you're thinking, "But if I want my JSP
to use custom methods, how can I declare and write those
methods if I can't use Java?"

Ahhhh... writing the actual functionality (method code) is not
the purpose of EL. The purpose of EL is to offer a simpler way
to invoke Java code, but the code itself belongs somewhere else.
That means in a regular old Java class that's either a JavaBean,
a class with static methods, or something called a Tag Handler.
In other words, you don't write method code into your JSP
when you're following today's Best Practices. You write the Java
method somewhere else, and call it using EL.
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Sneak peek at EL 

The entire next chapter is on EL, so we won’t go into details here. 
The only reason we're covering it is because it's yet another kind
of element (with its own syntax) that goes in a JSP, and the exam
objectives for this chapter include recognizing everything that can
go into a JSP.


This EL expression:

Please contact: ${applicationScope.mail}

Is the same as this Java expression:

Please contact: <%= application.getAttribute("mail") %>



Not to be all negative, but I'm not sure I see an earth-shattering 
difference between the EL and the Java expression. Sure, it's a little 
shorter, but is that worth a whole new scripting language and JSP 
coding approach? 

A: 

You SO haven't seen the full benefit of EL yet. The differences 
will become obvious in the next chapter when we dive in. But you must 
remember that to a Java programmer, EL is NOT necessarily a dramatic
development advantage. In fact, to a Java programmer it simply means
"one more thing (with its own syntax and everything) to learn, when, hey, I
already KNOW Java."

But it's not always about you. EL is much easier for a non-Java programmer
to learn and get up to speed in. And for a Java programmer, it is still much
easier to maintain a scriptless page.

Yes, it's still something to learn. It doesn't let web page designers 
completely off the hook, but you'll soon see that it's more intuitive and 
natural for a web designer to use EL. For now, in this chapter, you simply 
need to be able to recognize EL when you see it. And don’t worry at this 
point about recognizing whether the expression itself is valid; all we care
about now is that you can pick out an EL expression in a JSP page. 
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An EL expression ALWAYS 
looks like this: ${something}

In other words, the expression 

is ALWAYS enclosed in curly 
braces, and prefixed with a 
dollar ($) sign. 
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Using <scripting-invalid> 

It's simple: you can make it invalid for a
JSP to have scripting elements (scriptlets,
Java expressions, or declarations) by putting
a <scripting-invalid> tag in the DD:


<web-app ...>

  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <scripting-invalid>
        true
      </scripting-invalid>
    </jsp-property-group>
  </jsp-config>

</web-app>


Watch out: you might have seen other books
or articles show a page directive that disables
scripting. In a draft version of the 2.0 spec,
there was a page directive attribute:

<%@ page isScriptingEnabled="false" %>

(Does not work! The isScriptingEnabled attribute is no longer in the JSP spec!)

but it was removed from the final spec!!

The only way to invalidate scripting now is
through the <scripting-invalid> DD tag.
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You can choose to ignore EL 

Yes, EL is a good thing that's going to save the world as we know it. But sometimes
you might want to disable it. Why?

Think back to when the assert keyword was added to the Java language with version
1.4. Suddenly the formerly unreserved and perfectly legal identifier "assert" meant
something to the compiler. So if you had, say, a variable named assert, you were
screwed. Except that J2SE version 1.4 came with assertions disabled by default. If you
knew you were writing (or recompiling) code that didn't use assert as an identifier, then
you could choose to enable assertions.

So it's kind of the same thing with disabling EL: if you happened to have template
text (plain old HTML or text) in your JSP that included something that looked like
EL (${something}), you'd be in Big Trouble if you couldn't tell the Container to just
ignore anything that appears to be EL and instead treat it like any other unprocessed
text. Except there's one big difference between EL and assertions:


EL is enabled by default!


If you want EL-looking things in your JSP to be ignored, you have to say so
explicitly, either through a page directive or a DD element.


Putting <el-ignored> in the DD

<web-app ...>

  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <el-ignored>
        true
      </el-ignored>
    </jsp-property-group>
  </jsp-config>

</web-app>


Using the isELIgnored page
directive attribute

<%@ page isELIgnored="true" %>

Watch the naming: the page directive attribute is isELIgnored, but the
DD tag is <el-ignored>. They do not match! Don't be fooled by <is-el-ignored>.


The page directive
takes priority over
the DD setting!

If there's a conflict between the
<el-ignored> setting in the DD and
the isELIgnored page directive attribute,
the directive always wins! That
lets you specify the default behavior
in the DD, but override it for a specific
page using a page directive.
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But wait... there's still another JSP
element we haven't seen: actions

So far, you've seen five different types of elements that can appear in a JSP:
scriptlets, directives, declarations, Java expressions, and EL expressions.

But we haven't seen actions. They come in two flavors: standard and...not.


Standard Action:


<jsp:include page="wickedFooter.jsp" />


Other Action:

<c:set var="rate" value="32" />


Although that's misleading, because there are some actions that aren't
considered standard actions, but which are still part of a now-standard library.
In other words, you'll later learn that some of the non-standard (the
objectives refer to them as custom) actions are... standard, but yet they still
aren't considered "standard actions". Yes, that's right: they're standardized
non-standard custom actions. Doesn't that just clear it right up for you?

In a later chapter when we get to "using tags", we'll have a slightly richer
vocabulary with which to talk about this in more detail, so relax. For now,
all we care about is recognizing an action when you see it in a JSP!


Sharpen your pencil


Look at the syntax for an action and compare it to the syntax for the other
kinds of JSP elements. Then answer this:

1) What are the differences between an action element and a scriptlet?


2) How will you recognize an action when you see it?



Evaluation Matrix 

Think about what happens when each of
these settings (or combination of settings)
occurs. You'll see the answers when you
turn the page, so do this one NOW.


(1) EL Evaluation


Place a checkmark in the evaluated column if the
settings would cause the EL expressions to be
evaluated, OR place a checkmark in the ignored
column if EL will be treated like other template text.
No row will have two checkmarks, of course.


DD configuration    page directive    evaluated    ignored
<el-ignored>        isELIgnored

unspecified         unspecified
false               unspecified
true                unspecified
false               false
false               true
true                false


(2) Scripting validity


Place a checkmark in the evaluated column if the settings
would cause the scripting expressions to be evaluated,
OR place a checkmark in the error column if scripting will
cause a translation error.


DD configuration       evaluated    error
<scripting-invalid>

unspecified
true
false
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using JSP


JSP Element Magnets


Match the JSP element with its label by placing the JSP snippet in
the box with the label representing that element type. Remember,
you'll have Drag and Drop questions on the real exam similar to
this exercise, so don't skip it!

JSP element type


JSP snippet


directive


declaration
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JSP Element Magnets: the Sequel

You know what they're called, but do you remember where they go in the
generated servlet? Of course you do. But this is just a little reinforcement/practice
before we move on to a different chapter and topic.

(Put the element in the box corresponding to where that element's generated code
will go in the servlet class file. Note that the magnet itself does not represent the
ACTUAL code that will be generated.)



public final class BasicCounter_jsp extends org.apache.jasper.runtime.HttpJspBase
    implements org.apache.jasper.runtime.JspSourceDependent {


    public void _jspService(HttpServletRequest request, HttpServletResponse response)
        throws java.io.IOException, ServletException {

        (The order of these three magnets does not matter.)

    }
}
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Evaluation Matrix 
ANSWERS 


(1) EL Evaluation


DD configuration    page directive    evaluated    ignored
<el-ignored>        isELIgnored

unspecified         unspecified           ✓
false               unspecified           ✓
true                unspecified                        ✓
false               false                 ✓
false               true                               ✓
true                false                 ✓


(2) Scripting validity


DD configuration       evaluated    error
<scripting-invalid>

unspecified                ✓
true                                  ✓
false                      ✓
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JSP Element Magnets 


ANSWERS 





<% Float one = new Float(42.5); %>


scriptlet 
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The word “expression" 
by itself means 
“scripting expression" 
NOT “EL expression”. 

Of course the word "expression" is overloaded
for JSP elements. If you see the
word "expression" or "scripting expression",
it means the same thing: an expression
using Java language syntax:

<%= foo.getName() %>

The only time the word "expression" refers
to EL is if you specifically see "EL" in the
descriptions or label! So, always assume
that the default for the word "expression"
is "scripting/Java expression", not EL.



JSP Element Magnets: the Sequel

ANSWERS


    [page directive with an import attribute]

public final class BasicCounter_jsp extends org.apache.jasper.runtime.HttpJspBase
    implements org.apache.jasper.runtime.JspSourceDependent {

    [declarations are for MEMBER declarations]

    public void _jspService(HttpServletRequest request, HttpServletResponse response)
        throws java.io.IOException, ServletException {

        [scriptlets go inside the service method]
        [expressions go inside the service method]
        [EL expressions go inside the service method]
        (Note: the order of these three things doesn't matter)

    }
}

(This exercise is just to show where these elements go, not the actual code
the elements are translated into.)



Mock Exam Chapter 7

Given this DD element:

47. <jsp-property-group>
48.   <url-pattern>*.jsp</url-pattern>
49.   <el-ignored>true</el-ignored>
50. </jsp-property-group>

What does the element accomplish? (Choose all that apply.)

□ A. All files with the specified extension mapping should be treated by the
     JSP container as well-formed XML files.

□ B. All files with the specified extension mapping should have any
     Expression Language code evaluated by the JSP container.

□ C. By default, all files with the specified extension mapping should NOT
     have any Expression Language code evaluated by the JSP container.

□ D. Nothing, this tag is NOT understood by the container.

□ E. Although this tag is legal, it is redundant, because the container
     behaves this way by default.


2


Which directives specify an HTTP response that will be of type "image/svg"?
(Choose all that apply.)

□ A. <%@ page type="image/svg" %>

□ B. <%@ page mimeType="image/svg" %>

□ C. <%@ page language="image/svg" %>

□ D. <%@ page contentType="image/svg" %>

□ E. <%@ page pageEncoding="image/svg" %>
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using JSP 


Given this JSP:

1. <%@ page import="java.util.*" %>
2. <html><body> The people who like
3. <%= request.getParameter("hobby") %>
4. are: <br>
5. <% ArrayList al = (ArrayList) request.getAttribute("names"); %>
6. <% Iterator it = al.iterator();
7.    while (it.hasNext()) { %>
8.      <%= it.next() %>
9. <br>
10. <% } %>
11. </body></html>

Which types of code are used in this JSP? (Choose all that apply.)

□ A. EL

□ B. directive

□ C. expression

□ D. template text

□ E. scriptlet


Which statements about jspInit() are true? (Choose all that apply.)

□ A. It has access to a ServletConfig.

□ B. It has access to a ServletContext.

□ C. It is only called once.

□ D. It can be overridden.
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Which types of objects are available to the jspInit() method?
(Choose all that apply.)

□ A. ServletConfig
□ B. ServletContext
□ C. JspServletConfig
□ D. JspServletContext
□ E. HttpServletRequest
□ F. HttpServletResponse


Given:

<%@ page isELIgnored="true" %>

What is the effect? (Choose all that apply.)

□ A. Nothing, this page directive is NOT defined.

□ B. The directive turns off the evaluation of Expression Language code
     by the JSP container in all of the web application's JSPs.

□ C. The JSP containing this directive should be treated by the JSP
     container as a well-formed XML file.

□ D. The JSP containing this directive should NOT have any Expression
     Language code evaluated by the JSP container.

□ E. This page directive will only turn off EL evaluation if the DD
     declares a <el-ignored>true</el-ignored> element with a
     URL pattern that includes this JSP.


Which statement concerning JSPs is true? (Choose one.)

□ A. Only jspInit() can be overridden.

□ B. Only jspDestroy() can be overridden.

□ C. Only _jspService() can be overridden.

□ D. Both jspInit() and jspDestroy() can be overridden.

□ E. jspInit(), jspDestroy(), and _jspService() can all be
     overridden.
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Which JSP lifecycle step is out of order?

□ A. Translate the JSP into a servlet.

□ B. Compile servlet source code.

□ C. Call _jspService()

□ D. Instantiate the servlet class.

□ E. Call jspInit()

□ F. Call jspDestroy()


9


Which are valid JSP implicit variables? (Choose all that apply.)

□ A. stream

□ B. context

□ C. exception

□ D. listener

□ E. application


10


Given a request with two parameters: one named "first" represents a user's
first name and another named "last" represents his last name.


Which JSP scriptlet code outputs these parameter values?

□ A. <% out.println(request.getParameter("first"));
        out.println(request.getParameter("last")); %>

□ B. <% out.println(application.getInitParameter("first"));
        out.println(application.getInitParameter("last")); %>

□ C. <% println(request.getParameter("first"));
        println(request.getParameter("last")); %>

□ D. <% println(application.getInitParameter("first"));
        println(application.getInitParameter("last")); %>
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Given:

11. Hello ${user.name}!
12. Your number is <c:out value="${user.phone}"/>.
13. Your address is <jsp:getProperty name="user" property="addr" />
14. <% if (user.isValid()) { %>You are valid!<% } %>

Which statements are true? (Choose all that apply.)

□ A. Lines 11 and 12 (and no others) contain examples of EL elements.

□ B. Line 14 is an example of scriptlet code.

□ C. None of the lines in this example contain template text.

□ D. Lines 12 and 13 include examples of JSP standard actions.

□ E. Line 11 demonstrates an invalid use of EL.

□ F. All four lines in this example would be valid in a JSP page.


Which JSP expression tag will print the context initialization parameter named
"javax.sql.DataSource"?

□ A. <%= application.getAttribute("javax.sql.DataSource") %>

□ B. <%= application.getInitParameter("javax.sql.DataSource") %>

□ C. <%= request.getParameter("javax.sql.DataSource") %>

□ D. <%= contextParam.get("javax.sql.DataSource") %>


13


Which statements about disabling scripting elements are true?
(Choose all that apply.)

□ A. You can't disable scripting via the DD.

□ B. You can only disable scripting at the application level.

□ C. You can disable scripting programmatically by using the
     isScriptingEnabled page directive attribute.

□ D. You can disable scripting via the DD by using the
     <scripting-invalid> element.
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14

In sequence, what are the Java types of the following JSP implicit objects:
application, out, request, response, session?

□ A. java.lang.Throwable
     java.lang.Object
     java.util.Map
     java.util.Set
     java.util.List

□ B. javax.servlet.ServletConfig
     java.lang.Throwable
     java.lang.Object
     javax.servlet.jsp.PageContext
     java.util.Map

□ C. javax.servlet.ServletContext
     javax.servlet.jsp.JspWriter
     javax.servlet.ServletRequest
     javax.servlet.ServletResponse
     javax.servlet.http.HttpSession

□ D. javax.servlet.ServletContext
     java.io.PrintWriter
     javax.servlet.ServletConfig
     java.lang.Exception
     javax.servlet.RequestDispatcher


15


Which is an example of the syntax used to import a class in a JSP?

□ A. <% page import="java.util.Date" %>

□ B. <%@ page import="java.util.Date" @%>

□ C. <%@ page import="java.util.Date" %>

□ D. <% import java.util.Date; %>

□ E. <%@ import file="java.util.Date" %>


16


Given the JSP:

1. <%@ page isELIgnored="true" %>
2. <%@ taglib uri="http://java.sun.com/jsp/jstl/core"
       prefix="c" %>
3. <c:set var="awesomeBand" value="LIMOZEEN"/>
4. ${awesomeBand}

What will be the output?

□ A. ${awesomeBand}

□ B. LIMOZEEN

□ C. No output

□ D. An exception will be thrown because all taglib directives must precede
     any page directives.



mock exam answers





Given this DD element: (JSP v2.0 section ...)

47. <jsp-property-group>
48.   <url-pattern>*.jsp</url-pattern>
49.   <el-ignored>true</el-ignored>
50. </jsp-property-group>

What does the element accomplish? (Choose all that apply.)

□ A. All files with the specified extension mapping should be treated by the
     JSP container as well-formed XML files.

□ B. All files with the specified extension mapping should have any
     Expression Language code evaluated by the JSP container.

☑ C. By default, all files with the specified extension mapping should NOT
     have any Expression Language code evaluated by the JSP container.

□ D. Nothing, this tag is NOT understood by the container.

□ E. Although this tag is legal, it is redundant, because the container
     behaves this way by default.

- Option C turns off the evaluating of EL expressions by a JSP 2.0 container,
  and by default the container does evaluate EL.


2


Which directives specify an HTTP response that will be of type "image/svg"?
(Choose all that apply.) (JSP v2.0 section ...)

□ A. <%@ page type="image/svg" %>

□ B. <%@ page mimeType="image/svg" %>

□ C. <%@ page language="image/svg" %>

☑ D. <%@ page contentType="image/svg" %>

□ E. <%@ page pageEncoding="image/svg" %>

- Option D is the correct syntax for this directive.
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Given this JSP: (JSP v2.0 section ...)

1. <%@ page import="java.util.*" %>
2. <html><body> The people who like
3. <%= request.getParameter("hobby") %>
4. are: <br>
5. <% ArrayList al = (ArrayList) request.getAttribute("names"); %>
6. <% Iterator it = al.iterator();
7.    while (it.hasNext()) { %>
8.      <%= it.next() %>
9. <br>
10. <% } %>
11. </body></html>


Which types of code are used in this JSP? (Choose all that apply.)

□ A. EL

☑ B. directive

☑ C. expression

☑ D. template text

☑ E. scriptlet

- There's no EL in this JSP. There's a directive on line 1,
  expressions on lines 3 and 8, template text all over (like line 2),
  and of course scripting elements.


4


Which statements about jspInit() are true? (Choose all that apply.) (JSP v2.0 section ...)

☑ A. It has access to a ServletConfig.

☑ B. It has access to a ServletContext.

☑ C. It is only called once.

☑ D. It can be overridden.
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Which types of objects are available to the jspInit() method? (JSP v2.0 section ...)

(Choose all that apply.)

☑ A. ServletConfig

☑ B. ServletContext

□ C. JspServletConfig

□ D. JspServletContext

□ E. HttpServletRequest

□ F. HttpServletResponse

- JSPs turn into plain old servlets, so they
  have access to the plain old ServletConfig
  and ServletContext objects, and it's
  just a little early in the lifecycle to be
  talking about requests and responses.


6


Given: (JSP v2.0 section ...)

<%@ page isELIgnored="true" %>


What is the effect? (Choose all that apply.)

□ A. Nothing, this page directive is NOT defined.

□ B. The directive turns off the evaluation of Expression Language code
     by the JSP container in all of the web application's JSPs.

□ C. The JSP containing this directive should be treated by the JSP
     container as a well-formed XML file.

☑ D. The JSP containing this directive should NOT have any Expression
     Language code evaluated by the JSP container.

□ E. This page directive will only turn off EL evaluation if the DD
     declares a <el-ignored>true</el-ignored> element with a
     URL pattern that includes this JSP.

- Option B is incorrect
  because the directive
  only affects the
  enclosing JSP.


7


Which statement concerning JSPs is true? (Choose one.) (JSP v2.0 section ...)

□ A. Only jspInit() can be overridden.

□ B. Only jspDestroy() can be overridden.

□ C. Only _jspService() can be overridden.

☑ D. Both jspInit() and jspDestroy() can be overridden.

□ E. jspInit(), jspDestroy(), and _jspService() can all be
     overridden.

- Remember, the underscore
  is your clue that a method
  can't be overridden.
Which JSP lifecycle step is out of order? (JSP v2.0)

□ A. Translate the JSP into a servlet.

□ B. Compile servlet source code.

☑ C. Call _jspService()

□ D. Instantiate the servlet class.

□ E. Call jspInit()

□ F. Call jspDestroy()

- The _jspService() method can never be called before jspInit().


Which are valid JSP implicit variables? (Choose all that apply.) (JSP v2.0)

□ A. stream

□ B. context

☑ C. exception

□ D. listener

☑ E. application

- Options A, B, and D don't exist as implicit objects created by the Container for JSPs.


10   (JSP v2.0)

Given a request with two parameters: one named "first" represents a user's first name and another named "last" represents his last name.

Which JSP scriptlet code outputs these parameter values?

☑ A. <% out.println(request.getParameter("first"));
        out.println(request.getParameter("last")); %>

□ B. <% out.println(application.getInitParameter("first"));
        out.println(application.getInitParameter("last")); %>

□ C. <% println(request.getParameter("first"));
        println(request.getParameter("last")); %>

□ D. <% println(application.getInitParameter("first"));
        println(application.getInitParameter("last")); %>

- Option A uses the "out" implicit object and its println() method.

- Options C and D are missing the "out" implicit object.
Given: (JSP v2.0)

11. Hello ${user.name}!

12. Your number is <c:out value="${user.phone}"/>.

13. Your address is <jsp:getProperty name="user" property="addr" />

14. <% if (user.isValid()) { %>You are valid!<% } %>


Which statements are true? (Choose all that apply.)

☑ A. Lines 11 and 12 (and no others) contain examples of EL elements.

☑ B. Line 14 is an example of scriptlet code.

□ C. None of the lines in this example contain template text.

□ D. Lines 12 and 14 include examples of JSP standard actions.

□ E. Line 11 demonstrates an invalid use of EL.

☑ F. All four lines in this example would be valid in a JSP page.

- Option D is incorrect because line 12 does not include a JSP standard action.

- Option E is incorrect because the EL in line 11 is valid.

12   (JSP v2.0)

Which JSP expression tag will print the context initialization parameter named "javax.sql.DataSource"?

□ A. <%= application.getAttribute("javax.sql.DataSource") %>

☑ B. <%= application.getInitParameter("javax.sql.DataSource") %>

□ C. <%= request.getParameter("javax.sql.DataSource") %>

□ D. <%= contextParam.get("javax.sql.DataSource") %>

- Option B shows the correct use of the application implicit object.


13   (JSP v2.0)

Which statements about disabling scripting elements are true? (Choose all that apply.)

□ A. You can't disable scripting via the DD.

□ B. You can only disable scripting at the application level.

□ C. You can disable scripting programmatically by using the isScriptingEnabled page directive attribute.

☑ D. You can disable scripting via the DD by using the <scripting-invalid> element.

- You can only disable scripting elements through the DD. The <jsp-property-group> element allows you to disable scripting in selective JSPs by specifying URL patterns to be disabled.
In sequence, what are the Java types of the following JSP implicit objects: application, out, request, response, session?

□ A. java.lang.Throwable
     java.lang.Object
     java.util.Map
     java.util.Set
     java.util.List

□ B. javax.servlet.ServletConfig
     java.lang.Throwable
     java.lang.Object
     javax.servlet.jsp.PageContext
     java.util.Map

☑ C. javax.servlet.ServletContext
     javax.servlet.jsp.JspWriter
     javax.servlet.ServletRequest
     javax.servlet.ServletResponse
     javax.servlet.http.HttpSession

□ D. javax.servlet.ServletContext
     java.io.PrintWriter
     javax.servlet.ServletConfig
     java.lang.Exception
     javax.servlet.RequestDispatcher

- Option C shows the Java type of each implicit object.

(JSP v2.0)

Which is an example of the syntax used to import a class in a JSP?

□ A. <% page import="java.util.Date" %>

□ B. <%@ page import="java.util.Date" @%>

☑ C. <%@ page import="java.util.Date" %>

□ D. <% import java.util.Date; %>

□ E. <%@ import file="java.util.Date" %>

- Options A and D are invalid because only Java statements may be included within a <% %> tag.

- Option C is the only example that shows the correct syntax.

- Option E is invalid because there is no import directive.


Given the JSP: (JSP v2.0)

1. <%@ page isELIgnored="true" %>

2. <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

3. <c:set var="awesomeBand" value="LIMOZEEN"/>

4. ${awesomeBand}

What will be the output?

☑ A. ${awesomeBand}

□ B. LIMOZEEN

□ C. No output

□ D. An exception will be thrown because all taglib directives must precede any page directives.

- Option A: the EL expression is ignored and passed through verbatim.
8 scriptless JSP


Script-free pages


Lose the scripting. Do your web page designers really have to know Java? Is that fair? Do they expect server-side Java programmers to be, say, graphic designers? And even if it's just you on the team, do you really want a pile of bits and pieces of Java code in your JSPs? Can you say, "maintenance nightmare"? Writing scriptless pages is not just possible, it's become much easier and more flexible with the new JSP 2.0 spec, thanks to the new Expression Language (EL). Patterned after JavaScript and XPath, web designers feel right at home with EL, and you'll like it too (once you get used to it). But there are some traps... EL looks like Java, but isn't. Sometimes EL behaves differently than if you used the same syntax in Java, so pay attention!
Official Sun exam objectives


Building JSP pages using the Expression Language (EL) and Standard Actions

7.1 Write a code snippet using top-level variables in the EL. This includes the following implicit variables: pageScope, requestScope, sessionScope, and applicationScope; param and paramValues; header and headerValues; cookies, and initParam.

7.2 Write a code snippet using the following EL operators: property access (the . operator), collection access (the [] operator).

7.3 Write a code snippet using the following EL operators: arithmetic operators, relational operators, and logical operators.

7.4 For EL functions: Write a code snippet using an EL function; identify or create the TLD file structure used to declare an EL function; and identify or create a code example to define an EL function.

8.1 Given a design goal, create a code snippet using the following standard actions: jsp:useBean (with attributes: 'id', 'scope', 'type', and 'class'), jsp:getProperty, and jsp:setProperty (with all attribute combinations).

8.2 Given a design goal, create a code snippet using the following standard actions: jsp:include, jsp:forward, and jsp:param.

6.7 Given a specific design goal for including a JSP segment in another page, write the JSP code that uses the most appropriate inclusion mechanism (the include directive or the <jsp:include> standard action).


In this chapter, we cover BOTH include mechanisms: <jsp:include> from objective 8.2, and the include page directive from objective 6.7 (most of the objectives in section 6 were covered in the previous chapter on JSPs).


Coverage Notes:

All of the objectives in this section are covered completely in this chapter. And it's a big one. Take your time in this chapter; there's a lot of picky details to go through.
Our MVC app depends on attributes

Remember in the original MVC beer app, the Servlet controller talked to the model (Java class with business logic), then set an attribute in the request scope before forwarding to the JSP view. The JSP had to get the attribute from the request scope, and use it to render a response to send back to the client. Here's a quick, simplified look at how the attribute goes from controller to view (just imagine the servlet talks to the model):

Servlet (controller) code

    public void doPost(HttpServletRequest request, HttpServletResponse response)
                                       throws IOException, ServletException {

        String name = request.getParameter("userName");
        request.setAttribute("name", name);

        // Forward the request to the view
        RequestDispatcher view = request.getRequestDispatcher("/result.jsp");
        view.forward(request, response);
    }


JSP (view) code

    <html><body>
    Hello
    <%= request.getAttribute("name") %>
    </body></html>

- The JSP uses a scripting expression to get the attribute and print it to the response.


Hello Paul

"Paul" was the value of the "name" attribute.
non-String attributes


But what if the attribute is not a String, but an instance of Person?

And not just a Person, but a Person with a "name" property. We're using the term "property" in the non-enterprise JavaBean* way: the Person class has a getName() and setName() method pair, which in the JavaBean spec means Person has a property called "name". Don't forget that the "name" property means a change in case for the first letter, "n". In other words, the name of the property is what you get when you strip off the prefix "get" and "set", and make the first character after that lower case. So, getName/setName becomes name.

foo.Person
    public String getName()
    public void setName(String)

Servlet code

    public void doPost(HttpServletRequest request, HttpServletResponse response)
                                       throws IOException, ServletException {

        foo.Person p = new foo.Person();
        p.setName("Evan");
        request.setAttribute("person", p);

        RequestDispatcher view = request.getRequestDispatcher("result.jsp");
        view.forward(request, response);
    }

JSP code

    <html><body>
    Person is: <%= request.getAttribute("person") %>
    </body></html>

What we WANT:

    Person is: Evan

What we GOT:

    Person is: foo.Person@512d66


*We'll talk about JavaBeans in a few pages, but for now, just know that it's a plain old Java class that has getters and setters that follow a naming convention.
We need more code to get the Person's name

Sending the result of getAttribute() to a print/write statement doesn't give us what we want; it just runs the object's toString() method. And since class Person doesn't override its inherited Object.toString(), well, you know what happens. But we want to print the Person's name.


JSP code

    <html><body>
    <% foo.Person p = (foo.Person) request.getAttribute("person"); %>
    Person is: <%= p.getName() %>
    </body></html>


OR using an expression

    <html><body>
    Person is:
    <%= ((foo.Person) request.getAttribute("person")).getName() %>
    </body></html>


What we GOT: 



But then we remember that MEMO... 

The one that can be summarized as 
“Use Scripting and Die” 

We need a different approach. 
JavaBean standard actions


Person is a JavaBean, so we'll use the bean-related standard actions

With a couple of standard actions, we can eliminate all the scripting code in our JSP (remember: scripting code includes declarations, scriptlets, and expressions) and still print out the value of the person attribute's name property. Don't forget that name is not an attribute; only the person object is an attribute. The name property is simply the thing returned from a Person's getName() method.


Without standard actions (using scripting)

    <html><body>
    <% foo.Person p = (foo.Person) request.getAttribute("person"); %>
    Person is: <%= p.getName() %>
    </body></html>


With standard actions (no scripting)

    <html><body>
    <jsp:useBean id="person" class="foo.Person" scope="request" />
    Person created by servlet: <jsp:getProperty name="person" property="name" />
    </body></html>
Deconstructing <jsp:useBean> and <jsp:getProperty>

All we really wanted was the functionality of <jsp:getProperty>, because we wanted only to display the value of the person's "name" property. But how does the Container know what "person" means? If we had only the <jsp:getProperty> tag in the JSP, it's almost like using an undeclared variable: the name "person". The Container usually has no idea what you're talking about, unless you FIRST put a <jsp:useBean> into the page. The <jsp:useBean> is a way of declaring and initializing the actual bean object you're using in <jsp:getProperty>.


Declare and initialize a bean attribute with <jsp:useBean>

    <jsp:useBean id="person" class="foo.Person" scope="request" />

- jsp:useBean identifies the standard action.
- scope identifies the attribute scope for this bean object.


Get a bean attribute's property value with <jsp:getProperty>

    <jsp:getProperty name="person" property="name" />

- name: this will match the id value from the <jsp:useBean> tag.
<jsp:useBean>


<jsp:useBean> can also CREATE a bean!

If the <jsp:useBean> can't find an attribute object named "person", it can make one! It's kind of the way request.getSession() (or getSession(true)) works: it first searches for an existing thing, but if it doesn't find one, it creates one.

Look at the code from the generated servlet, and you'll see what's happening: there's an if test in there! It checks for a bean based on the values of id and scope in the tag, and if it doesn't get one, it makes an instance of the class specified in class, assigns the object to the id variable, then sets it as an attribute in the scope you defined in the tag.


This tag

    <jsp:useBean id="person" class="foo.Person" scope="request" />


Turns into this code in the _jspService() method

    // Declare a variable based on the value of id
    foo.Person person = null;

    synchronized (request) {
        // Try to get the attribute at the scope defined in the tag
        person = (foo.Person) _jspx_page_context.getAttribute("person", PageContext.REQUEST_SCOPE);

        // BUT, if there was NOT an attribute with that name at that scope...
        if (person == null) {
            // ...make one and assign it to the id variable
            person = new foo.Person();

            // Finally, set the new object as an attribute at the scope you defined
            _jspx_page_context.setAttribute("person", person, PageContext.REQUEST_SCOPE);
        }
    }

This could be a bad thing—I don't WANT to have a bean that doesn't have its property values set! If the Container makes a bean using that tag, the bean won't have property values...


You can use <jsp:setProperty>

But you already knew that where there's a get there's usually a set. The <jsp:setProperty> tag is the third and final bean standard action. It's simple to use:

    <jsp:useBean id="person" class="foo.Person" />
    <jsp:setProperty name="person" property="name" value="Fred" />


That's worse! NOW it means that if the bean already existed, my JSP will reset the existing bean's property value! I want to set the property on only the NEW beans.
<jsp:useBean> with a body


<jsp:useBean> can have a body!

If you put your setter code (<jsp:setProperty>) inside the body of <jsp:useBean>, the property setting is conditional! In other words, the property values will be set only if a new bean is created. If an existing bean with that scope and id are found, the body of the tag will never run, so the property won't be reset from your JSP code.


With a <jsp:useBean> body, you can have code that runs conditionally... ONLY if the bean attribute can't be found and a new bean is created.

    <jsp:useBean id="person" class="foo.Person" scope="page" >
      <jsp:setProperty name="person" property="name" value="Fred" />
    </jsp:useBean >

- Code inside the body runs only if the bean isn't found and a new one is created.


Q: Why didn't they just let you specify arguments to the constructor of the bean? Why do you have to go through the extra trouble of setting values anyway?

A: The simple answer is this: beans can't HAVE constructors with arguments! Well, as a Java class, they can, but when an object is going to be treated as a bean, Bean Law states that ONLY the bean's public, no-arg constructor will be called. End of story. In fact, if you do NOT have a public no-arg constructor in your bean class, this whole thing will fail anyway.

Q: What the heck is Bean Law?

A: The law according to the creakingly-ancient JavaBeans specification. We're talking JavaBeans, NOT Enterprise JavaBeans (EJB), which is completely unrelated. (Go figure.) The plain old non-enterprise JavaBeans spec defines what it takes for a class to be a JavaBean. Although the spec actually gets pretty complex, the only things you need to know for using beans with JSP and servlets are these few rules (we're showing only those that apply to what we're doing with servlets and JSPs):

1) You MUST have a public, no-arg constructor.

2) You MUST name your public getter and setter methods starting with "get" (or "is", for a boolean) and "set", followed by the same word (getFoo(), setFoo()). The property name is derived from stripping off the "get" and "set", and changing the first character of what's left to lowercase.

3) The setter argument type and the getter return type MUST be identical. This defines the property type.

    int getFoo()    void setFoo(int foo)

4) The property name and type are derived from the getters and setters and NOT from a member in the class. For example, just because you have a private int foo variable does NOT mean a thing in terms of properties. You can name your variables whatever you like. The "foo" property name comes from the methods. In other words, you have a property simply because you have a getter and setter. How you implement them is up to you.

5) For use with JSPs, the property type SHOULD be a type that is either a String or a primitive. If it isn't, it can still be a legal bean, but you won't be able to rely only on standard actions, and you might have to use scripting.
Generated servlet when <jsp:useBean> has a body

It's simple. The Container puts the extra property-setting code inside the if test.


Code in _jspService() WITH the <jsp:useBean> body

    // Declare the reference variable
    foo.Person person = null;
    person = (foo.Person) _jspx_page_context.getAttribute("person", PageContext.PAGE_SCOPE);

    if (person == null) {
        // Make a new instance and set the bean object as an attribute at the specified scope
        person = new foo.Person();
        _jspx_page_context.setAttribute("person", person, PageContext.PAGE_SCOPE);

        // This part is here ONLY when useBean has a body
        org.apache.jasper.runtime.JspRuntimeLibrary.introspecthelper(
            _jspx_page_context.findAttribute("person"), "name", "Fred", null, null, false);
    }


You were expecting:

    person.setName("Fred");
polymorphic references


Can you make polymorphic bean references?

When you write a <jsp:useBean>, the class attribute determines the class of the new object (if one is created). It also determines the type of the reference variable used in the generated servlet.


The way it is NOW in the JSP

    <jsp:useBean id="person" class="foo.Person" scope="page" />


Generated servlet

    foo.Person person = null;
    // code to get the person attribute
    if (person == null) {
        person = new foo.Person();
    }


But... what if we want the reference type to be different from the actual object type? We'll change the Person class to make it abstract, and make a concrete subclass Employee. Imagine we want the reference type to be Person, and the new object type to be Employee.

    package foo;

    public abstract class Person {
        private String name;

        public void setName(String name) {
            this.name = name;
        }

        public String getName() {
            return name;
        }
    }

    // In its own source file, also in package foo
    public class Employee extends Person {
        private int empID;

        public void setEmpID(int empID) {
            this.empID = empID;
        }

        public int getEmpID() {
            return empID;
        }
    }
Adding a type attribute to <jsp:useBean>

With the changes we just made to the Person class, we're in trouble if the attribute can't be found:


Our original JSP

    <jsp:useBean id="person" class="foo.Person" scope="page"/>

Has this result

    java.lang.InstantiationException: foo.Person

Because the Container tries to:

    new foo.Person();


We need to make the reference variable type Person, and the object an instance of class Employee. Adding a type attribute to the tag lets us do that.


Our new JSP with a type

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee" scope="page"/>


Type can be a class type, abstract type, or an interface: anything that you can use as a declared reference type for the class type of the bean object. You can't violate Java typing rules, of course. If the class type can't be assigned to the reference type, you're screwed. So that means the class must be a subclass or concrete implementation of the type.
type without class


Using type without class

What happens if we declare a type, but not a class? Does it matter if the type is abstract or concrete?


JSP

    <jsp:useBean id="person" type="foo.Person" scope="page"/>


Result if the person attribute already exists in "page" scope

It works perfectly.


Result if the person attribute does NOT exist in "page" scope

WON'T WORK!!

    java.lang.InstantiationException: bean person not found within scope


If type is used without class, the bean must already exist.

If class is used (with or without type) the class must NOT be abstract, and must have a public no-arg constructor.


Q: In your example, "foo.Person" is an abstract type, so of COURSE it can't be instantiated. What if you change the type to "foo.Employee"? Will it use the type for both the reference AND the object type?

A: 

NO! It never works. If the Container 
discovers that the bean doesn't exist, and it sees 
only a type attribute without a class, it knows that 
you've given it only HALF of what it needs—the 
reference type but not the object type. In other 
words, you haven't told it what to make a new 
instance of! 


There is no fallback rule that says, "If you can't find 
the object, go ahead and use the type for BOTH 
the reference and the object." No, that is NOT how 
it works. 

Bottom line: if you use type without class, you 
better make CERTAIN that the bean is already 
stored as an attribute, at the scope and with 
the id you put in the tag. 
The scope attribute defaults to "page"

If you don't specify a scope in either the <jsp:useBean> or <jsp:getProperty> tags, the Container uses the default of "page".

This

    <jsp:useBean id="person" class="foo.Employee" scope="page"/>

Is the same as this

    <jsp:useBean id="person" class="foo.Employee"/>


Don't confuse type with class!


Check out this code: p@rson"/> 

<, 3p; o„Be.n 

Be prepared .0 recoprM. M *0*1 V0P» 9* » “S ** 

-*=, Q erFxception: Unable to compile class for JSP 
org.apacheoasper JasperExcept tiftWd 

f oo.^ S on^.eetscn.K 


Be SURE that you remember: 


    type == reference type
    class == object type


Or to put it another way:

    type x = new class()

class is always a class, while type doesn't have to be: type can be an interface.
bean-related standard actions exercise


BE the Container

Look at this standard action:

    <jsp:useBean id="person" type="foo.Employee" scope="request" >
      <jsp:setProperty name="person" property="name" value="Fred" />
    </jsp:useBean >

    Name is: <jsp:getProperty name="person" property="name" />

Now imagine that a servlet does some work and then forwards the request to the JSP that has the code above.

Figure out what the JSP code above would do for each of the three different servlet code examples. (The answers are at the end of the chapter.)

(Both classes are in package "foo")

abstract class Person
    String getName()
    void setName(String)

concrete class Employee (subclass of Person)
    int getEmpID()
    void setEmpID(int)


What happens if the servlet code looks like:

    foo.Person p = new foo.Employee();
    p.setName("Evan");
    request.setAttribute("person", p);


What happens if the servlet code looks like:

    foo.Person p = new foo.Person();
    p.setName("Evan");
    request.setAttribute("person", p);
I just thought of something... suppose we aren't using a servlet controller, and the HTML form action goes straight to the JSP... is there a way I can use the request parameters to set a bean property, WITHOUT using scripting?


Going straight from the request to the JSP without going through a servlet...


Imagine this is our form:

    <html><body>
    <form action="TestBean.jsp">
      name: <input type="text" name="userName">
      ID#: <input type="text" name="userID">
      <input type="submit">
    </form>
    </body></html>

- The request goes straight to the JSP.


We know we can do it with a combination of standard actions and scripting:

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee"/>
    <% person.setName(request.getParameter("userName")); %>


We can even do it with scripting INSIDE a standard action:

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee">
      <jsp:setProperty name="person" property="name"
                       value="<%= request.getParameter("userName") %>" />
    </jsp:useBean>
using param


The param attribute to the rescue

It's so simple. You can send a request parameter straight into a bean, without scripting, using the param attribute.


The param attribute lets you set the value of a bean property to the value of a request parameter. JUST by naming the request parameter!


Inside TestBean.jsp

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee">
      <jsp:setProperty name="person" property="name" param="userName" />
    </jsp:useBean>
But wait! It gets even better...

And all you have to do is make sure your form input field name (which becomes the request parameter name) is the same as the property name in your bean. Then in the <jsp:setProperty> tag, you don't have to specify the param attribute. If you name the property but don't specify a value or param, you're telling the Container to get the value from a request parameter with a matching name.


If we change the HTML so that the input field name matches the property name:


We get to do THIS

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee">
      <jsp:setProperty name="person" property="name" />
    </jsp:useBean>


If the request parameter name matches the bean property name, you don't need to specify a value in the <jsp:setProperty> tag for that property.
properties and request parameters


If you can stand it, it gets even BETTER...

Watch what happens if you make ALL the request parameter names match the bean property names. The person bean (which is an instance of foo.Employee) actually has two properties: name and empID.

    <jsp:useBean id="person" type="foo.Person" class="foo.Employee">
      <jsp:setProperty name="person" property="*" />
    </jsp:useBean>


JSP: I want you to iterate through the request parameters, and find any that match this bean's property names, and set the VALUE of the matching properties equal to the value of the corresponding request parameter...

Container: Oh sure... make ME do all the work. I have to look at the bean class getters and setters to figure out the bean
Bean tags convert primitive properties automatically

If you're familiar with JavaBeans from any earlier lifetime, this is no surprise to you. JavaBean properties can be anything, but if they're Strings or primitives, all the coercing is done for you.

That's right: you don't have to do the parsing and conversion yourself.

abstract foo.Person
    String getName()
    void setName(String)

foo.Employee
    int getEmpID()
    void setEmpID(int)


If we make the type Employee (instead of Person)

    <html><body>

    <jsp:useBean id="person" type="foo.Employee" class="foo.Employee">
      <jsp:setProperty name="person" property="*" />
    </jsp:useBean>

    Person is: <jsp:getProperty name="person" property="name" />
    ID is: <jsp:getProperty name="person" property="empID" />

    </body></html>


It all works

    name: Kathy   ID#: 343   [Submit]

The <jsp:setProperty> action takes the String request parameter, converts it to an int, and passes that int to the bean's setter method for that property.
primitive conversion


Q: OK, I'm thinking that the Container code is doing some kind of Integer.parseInt("343"), so wouldn't you get a NumberFormatException if the user doesn't type in something that can be parsed to an int? Like, what if the user types "three" in the employee ID field?

A: Good catch. Yes, something will definitely go wrong if the request parameter for the empID property can't be parsed into an int. You need to validate the contents of that field, to make sure it contains only numeric characters. You could send the form data to a servlet first, instead of sending it straight to the JSP. But if you're committed to going from the form straight to the JSP, and you don't want scripting, just use JavaScript in the HTML form to check the field before sending the request. If you're not familiar with JavaScript (which of course has virtually NOTHING to do with Java), it's a simple scripting language that's processed on the client side. In other words, by the browser. A quick Google search on "JavaScript validate input field" should turn up some scripts you can use to stop users from entering, say, anything but numbers into an input field.

Q: If a bean property doesn't have to be a String or a primitive, then HOW can you set the property without scripting? The value attribute of the tag is always a String, right?

A: It is possible (but potentially a *lot* of extra work) to create a special class, called a custom property editor, that supports the bean. It takes your String value and figures out how to parse that into something that can be used to set a more complex type. This is part of the JavaBeans spec though, not the JSP spec. Also, if the value attribute in the <jsp:setProperty> tag is an expression rather than a String literal, then IF that expression evaluates to an object that's compatible with the bean property type, then it will probably work. If you pass in an expression that evaluates to a Dog, for example, the Person bean's setDog(Dog) method will be called. But think about it—this means the Dog object must already exist. Anyway, you're way better off NOT trying to construct new things in your JSP! Trying to get away with constructing and setting even marginally complex data types is gonna be tough without scripting. (And none of that is on the exam).


Watch it! Automatic String-to-primitive conversion does NOT work if you use 
scripting!! It fails even if an expression is INSIDE the <jsp:setProperty> tag. 

If you use the <jsp:setProperty> standard action tag with the property wildcard, OR just a property name without a 
value or param attribute (which means the property name matches the request parameter name), OR you use a 
param attribute to indicate the request parameter whose value should be assigned to the bean's property, OR you 
type a literal value, the automatic conversion from String to int works. Each of these examples converts automatically: 

<jsp:setProperty name="person" property="*" /> 

<jsp:setProperty name="person" property="empID" /> 

<jsp:setProperty name="person" property="empID" value="343" /> 

<jsp:setProperty name="person" property="empID" param="empID" /> 

BUT if you use scripting, the automatic conversion does NOT work: 

<jsp:setProperty name="person" property="empID" value="<%= request.getParameter("empID") %>" /> 
The bean standard action tags are more natural to a non-programmer. 

Although even Java programmers find that tags are easier to 
maintain than hard-coded Java scripting elements. With the bean-related tags, the designer 
needs only the basic identification info (attribute name, scope, and property name). True, they 
do have to know the fully-qualified class name, but as far as the web page designer knows it's 
just a name with dots (.) in it. The web designer doesn't need any knowledge of what's really 
behind it, and they can think of beans as simply records with fields. You tell the designers the 
record (the class and the identifier) and the fields (the properties). 


Still, the bean standard actions aren't as elegant as they could be. 
And that's why this isn't the end of the story on scriptless pages. Read on... 




object properties 


But what if the property is something 
OTHER than a String or primitive? 

We know how easy it is to print an attribute when the attribute itself 
is a String. Then we made an attribute that was a non-String object 
(a Person bean instance). But we didn't want to print the attribute 
(person); we wanted to print a property of the attribute (in our 
example, the person's name and empID). That worked fine, because the 
standard actions can handle String and primitive properties. So, we 
know that standard actions can deal with an attribute of any type, as 
long as all the attribute's properties are Strings or primitives. 

But what if they're not? What if the bean has a property that is not a 
String or primitive? What if the property is yet another Object type? An 
Object type with properties of its own? 

What if what we really want is to print a property of that property? 

Person has a String "name" property. 

Person has a Dog "dog" property. 

Dog has a String "name" property. 


foo.Person 

public String getName() 
public void setName(String) 
public Dog getDog() 
public void setDog(Dog) 


foo.Dog 

public String getName() 
public void setName(String) 


What if we want to print the name of the Person’s dog? 


Servlet code 

public void doPost(HttpServletRequest request, HttpServletResponse response) 
        throws IOException, ServletException { 

    foo.Person p = new foo.Person(); 
    p.setName("Evan"); 

    // The Dog becomes the value of the Person's "dog" property 
    foo.Dog dog = new foo.Dog(); 
    dog.setName("Spike"); 
    p.setDog(dog); 

    request.setAttribute("person", p); 

    RequestDispatcher view = request.getRequestDispatcher("result.jsp"); 
    view.forward(request, response); 
} 
Trying to display the property of the property 

We know we can do it with scripting, but can we do it with the bean standard actions? 
What happens if we put "dog" as the property in the <jsp:getProperty> tag? 


Without standard actions (using scripting) 

<html><body> 

<%= ((foo.Person) request.getAttribute("person")).getDog().getName() %> 

</body></html> 


With standard actions (no scripting) 

<html><body> 

<jsp:useBean id="person" class="foo.Person" scope="request" /> 

Dog's name is: <jsp:getProperty name="person" property="dog" /> 

</body></html> 


What we WANT 

Dog's name is Spike 


What we GOT 

Dog's name is foo.Dog@799338 


You can’t say: property=“dog.name” 

There's no combination of the bean standard actions that'll work given the original 
servlet code, because the Dog is not an attribute! Dog is a property of the attribute, 
so you can display the Dog, but you can't navigate to the name property of the Dog 
property of the Person attribute. 

The <jsp:getProperty> lets you access only the properties of the bean attribute. 
There's no capability for nested properties, where you want a property of a property, 
rather than a property of the attribute. 
EL to the rescue 


Expression Language (EL) saves the day! 

Yes, just in time to save us, the JSP Expression Language (EL) was 
added to the JSP 2.0 spec, releasing us from the tyranny of scripting. 

Look how beautifully simple our JSP is now... 


JSP code without scripting, using EL 

<html><body> 

Dog's name is: ${person.dog.name} 

</body></html> 


This: 

${person.dog.name} 


Replaces this: 

<%= ((foo.Person) request.getAttribute("person")).getDog().getName() %> 



You don't need to know 
EVERYTHING about EL. 


The exam doesn't expect you to be a 
complete EL being. Everything you might typically use, 
or be tested on, is covered in the next few pages. So, if 
you want to study the EL spec, knock yourself out. Just 
so you're clear that WE didn't tell you to do that. 
Reconstructing the JSP Expression Language (EL) 

The syntax and range of the language are dirt simple. The tricky part is that some of 
EL looks like Java, but behaves differently. You'll see when we get to the [] operator in a 
moment. So you'll find things that wouldn't work in Java but will work in EL, and vice-versa. 
Just don't try to map Java language/syntax rules onto EL, and you'll be fine. For 
the next few pages, think of EL as a way to access Java objects without using Java. 


EL expressions are ALWAYS within curly 
braces, and prefixed with the dollar sign 

${person.name} 


The first named variable 
in the expression is either 
an implicit object or an 
attribute. 


${firstThing.secondThing} 


EL IMPLICIT OBJECT 

pageScope 
requestScope 
sessionScope 
applicationScope 
param 
paramValues 
header 
headerValues 
cookie 
initParam 
pageContext 


ATTRIBUTE 

in page scope 
in request scope 
in session scope 
in application scope 


If the first thing in the EL expression is an attribute, it can 
be the name of an attribute stored in any of the four available scopes. 

Of all the implicit objects, only pageContext is not a Map. It's 
an actual reference to the pageContext object (and the 
pageContext is a JavaBean). 

Note: EL implicit objects are not the 
same as the implicit objects available to 
JSP scripting, except for pageContext. 

(Java reminder: a map is 
a collection that holds 
key/value pairs, like 
Hashtable and HashMap) 
the dot operator in EL 


Using the dot (.) operator to access 
properties and map values 


The first variable is either an implicit object or an attribute, and the thing 
to the right of the dot is either a map key (if the first variable is a map) or a 
bean property (if the first variable is an attribute that's a JavaBean). 


(1) If the expression has a variable followed by a dot, 
the left-hand variable MUST be a Map or a bean. 

${person.name} 


(2) The thing to the right of the dot MUST be a 
Map key or a bean property. 

${person.name} 

getName() 
setName() 


(3) And the thing on the right must follow 
normal Java naming rules for identifiers. 

${person.name} 

* Must start with a letter, _, or $. 

* After the first character, you can 
include numbers. 

* Can't be a Java keyword. 


When the variable is on 
the left side of the dot, it's 
either a Map (something 
with keys) or a bean 
(something with properties). 

This is true regardless 
of whether the variable is 
an implicit object or an 
attribute. 

The pageContext implicit 
object is a bean: it has 
getter methods. All other 
implicit objects are Maps. 

If the object is a bean but 
the named property doesn't 
exist, then an exception 
is thrown. 
The [] operator is like the dot only way better 

The dot operator works only when the thing on the right is a bean property or 
map key for the thing on the left. That's it. But the [] operator is a lot more 
powerful and flexible... 


This: 

${person["name"]} 


Is the same 
as this: 

${person.name} 


That doesn't look 
better. That just 
looks like more work, 
adding brackets and 
quotes... 


The simple dot operator version 
works because person is a bean, 
and name is a property of person. 

But what if person is an array? 

Or what if person is a List? 

Or what if name is something 
that can't be expressed with the 
normal Java naming rules? 
but the [] is better 


The [] gives you more options... 

When you use the dot operator, the thing on the left can be only a Map or a bean, 
and the thing on the right must follow Java naming rules for identifiers. But with the 
[], the thing on the left can also be a List or an array (of any type). That also means 
the thing on the right can be a number, or anything that resolves to a number, or an 
identifier that doesn't fit the Java naming rules. For example, you might have a Map 
key that's a String with dots in the name ("com.foo.trouble"). 

(1) If the expression has a variable followed by a bracket [ ], the 
left-hand variable can be a Map, a bean, a List, or an array. 

${musicList["something"]} 


(2) If the thing inside the brackets is a String literal (i.e., in 
quotes), it can be a Map key or a bean property, or an index 
into a List or array. 

${musicList["something"]} 
Using the [] operator with an array 


In a Servlet 

String[] favoriteMusic = {"Zero 7", "Tahiti 80", "BT", "Frou Frou"}; 
request.setAttribute("musicList", favoriteMusic); 


In a JSP 

Music is: ${musicList} 

Music is: [Ljava.lang.String;@1d29dd9 


First song is: ${musicList[0]} 


Second song is: ${musicList["1"]} 
accessing lists and arrays 


A String index is coerced to an int for arrays and Lists 

The EL for accessing an array is the same as the EL for accessing a List. 

Remember folks, this is NOT Java. In EL, the [] operator is NOT the array access 
operator. No, it's just called the [] operator. (We swear, look it up in the spec: it has no 
name! Just the symbol [ ]. Like Prince, kind of.) If it DID have a name, it would be the 
array/List/Map/bean Property access operator. 


In a Servlet 

java.util.ArrayList favoriteFood = new java.util.ArrayList(); 
favoriteFood.add("chai ice cream"); 
favoriteFood.add("fajitas"); 
favoriteFood.add("thai pizza"); 
favoriteFood.add("anything in dark chocolate"); 
request.setAttribute("favoriteFood", favoriteFood); 


In a JSP 

Foods are: ${favoriteFood} 

(ArrayList has an overridden toString().) 

Foods are: [chai ice cream, fajitas, thai pizza, anything in dark 
chocolate] 


First food is ${favoriteFood[0]} 

First food is chai ice cream 


Second food is ${favoriteFood["1"]} 

Second food is fajitas 


If the thing to the left of 
the bracket is an array or 
a List, and the index is a 
String literal, the index is 
coerced to an int. 


This would NOT work: 

${favoriteFood["one"]} 

Because "one" can't be 
turned into an int. You'll 
get an error if the index 
can't be coerced. 
[] and the dot 


For beans and Maps you can use either operator 

For JavaBeans and Maps, you can use either the [] operator or the convenient dot 
operator. Just think of map keys the same way you think of property names in a bean. 

You ask for the key or property name, and you get back the value of the key or property. 

In a Servlet 

java.util.Map musicMap = new java.util.HashMap(); 
musicMap.put("Ambient", "Zero 7"); 
musicMap.put("Surf", "Tahiti 80"); 
musicMap.put("DJ", "BT"); 
musicMap.put("Indie", "Travis"); 
request.setAttribute("musicMap", musicMap); 

(Make a Map, put some String keys and objects in it, then 
make it a request attribute.) 


In a JSP 

Ambient is: ${musicMap.Ambient} 

Ambient is: ${musicMap["Ambient"]} 

(Both expressions use Ambient 
as the key into a Map, since 
musicMap is a Map.) 
If it's NOT a String literal, it's evaluated 

If there are no quotes inside the brackets, the Container evaluates what's 
inside the brackets by searching for an attribute bound under that name, 
and substitutes the value of the attribute. (If there is an implicit object 
with the same name, the implicit object will always be used.) 

Music is: ${musicMap[Ambient]} 

(Without quotes around Ambient, this does NOT work.) 

Find an attribute named "Ambient". 

Use the VALUE of that attribute as the key 
into the Map, or return null. 


In a servlet 

java.util.Map musicMap = new java.util.HashMap(); 
musicMap.put("Ambient", "Zero 7"); 
musicMap.put("Surf", "Tahiti 80"); 
musicMap.put("DJ", "BT"); 
musicMap.put("Indie", "Frou Frou"); 

request.setAttribute("musicMap", musicMap); 

request.setAttribute("Genre", "Ambient"); 


This DOES work in a JSP (given the servlet code) 

Music is ${musicMap[Genre]} 

because there IS a request attribute named "Genre" with a 
value of "Ambient", and "Ambient" is a key into musicMap. 


This does NOT work in a JSP (given the servlet code) 

Music is ${musicMap["Genre"]} 

doesn't change 

Music is ${musicMap["Genre"]} 

because there IS no key in musicMap named "Genre". 
With the quotes around it, the Container didn't try to 
evaluate it and just assumed it was a literal key name. 

This is a valid EL, but it doesn't do what 
You can use nested expressions 
inside the brackets 

It's expressions all the way down in EL. You nest expressions 
to any arbitrary level. In other words, you can put a 
complex expression inside a complex expression inside a... 
(it keeps going). And the expressions are evaluated from the 
innermost brackets out. 

This part will seem completely intuitive to you, because it's 
no different than nesting Java code within parens. The tricky 
part is to watch out for quotes vs. no quotes. 


In a servlet 

java.util.Map musicMap = new java.util.HashMap(); 
musicMap.put("Ambient", "Zero 7"); 
musicMap.put("Surf", "Tahiti 80"); 
musicMap.put("DJ", "BT"); 
musicMap.put("Indie", "Frou Frou"); 
request.setAttribute("musicMap", musicMap); 

String[] musicTypes = {"Ambient", "Surf", "DJ", "Indie"}; 
request.setAttribute("MusicType", musicTypes); 


This DOES work in a JSP 

Music is ${musicMap[MusicType[0]]} 

Music is ${musicMap["Ambient"]} 

Music is Zero 7 
You can't do ${foo.1} 

With beans and Maps, you can use the dot operator, but only if the 
thing you type after the dot is a legal Java identifier. 


This 

${musicMap.Ambient} 

Is the same as this 

${musicMap["Ambient"]} 

But this 

${musicList["1"]} 

CANNOT be turned into this 

${musicList.1} 


If you wouldn't use it for a 
variable name in your Java 
code, DON'T put it after the 
dot. 

Sharpen your pencil 

What prints? 

Given the servlet code below, figure out what would print (or if there'd be an error, 
just write, you know, "error"). Answers are at the bottom of the next page. 

java.util.ArrayList nums = new java.util.ArrayList(); 
nums.add("1"); 
nums.add("2"); 
nums.add("3"); 

request.setAttribute("numbers", nums); 

String[] favoriteMusic = {"Zero 7", "Tahiti 80", "BT", "Frou Frou"}; 
request.setAttribute("musicList", favoriteMusic); 


(1) ${musicList[numbers[0]]} 


(2) ${musicList[numbers[0]+1]} 

(We'll talk more about EL 
operators in a few pages.) 


(3) ${musicList[numbers["2"]]} 


(4) ${musicList[numbers[numbers[1]]]} 
Code Magnets 

Don't be surprised if you find something like 
this on the exam (except in the real exam it'll 
look... uglier). 

Study the three classes on the page, and 
the servlet code on the opposite page, then 
construct the code magnets to make the EL 
that'll produce the response shown in the 
browser. (Turn the page for the answers, but 
not until you DO THIS, especially if you're 
going to take the exam.) 

foo.Toy 

package foo; 
public class Toy { 
    private String name; 
    public void setName(String name) { 
        this.name = name; 
    } 
    public String getName() { 
        return name; 
    } 
} 


foo.Person 

package foo; 
public class Person { 
    private Dog dog; 
    private String name; 
    public void setDog(Dog dog) { 
        this.dog = dog; 
    } 
    public Dog getDog() { 
        return dog; 
    } 
    public void setName(String name) { 
        this.name = name; 
    } 
    public String getName() { 
        return name; 
    } 
} 


foo.Dog 

package foo; 
public class Dog { 
    private String name; 
    private Toy[] toys; 
    public void setName(String name) { 
        this.name = name; 
    } 
    public String getName() { 
        return name; 
    } 
    public void setToys(Toy[] toys) { 
        this.toys = toys; 
    } 
    public Toy[] getToys() { 
        return toys; 
    } 
} 


Answers to Sharpen on previous page: 1) Tahiti 80 2) BT 3) Frou Frou 4) Frou Frou 
Servlet code 

foo.Person p = new foo.Person(); 
p.setName("Leelu"); 
foo.Dog d = new foo.Dog(); 
d.setName("Clyde"); 
foo.Toy t1 = new foo.Toy(); 
t1.setName("stick"); 
foo.Toy t2 = new foo.Toy(); 
t2.setName("neighbor's cat"); 
foo.Toy t3 = new foo.Toy(); 
t3.setName("Barbie™ doll head"); 
d.setToys(new foo.Toy[]{t1, t2, t3}); 
p.setDog(d); 

request.setAttribute("person", p); 


Compose the EL for this output: 

Leelu's dog Clyde's toys are: stick, 
neighbor's cat, and a Barbie™ doll 
head 
Code Magnets 
Answers 


This is not the ONLY way to produce the output, but 
it's the only way using this set of magnets. Bonus 
exercise: write the EL expressions a little differently 
(forget the magnets), but print the same result. 


Servlet code 

foo.Person p = new foo.Employee(); 
p.setName("Leelu"); 
foo.Dog d = new foo.Dog(); 
d.setName("Clyde"); 
foo.Toy t1 = new foo.Toy(); 
t1.setName("stick"); 
foo.Toy t2 = new foo.Toy(); 
t2.setName("neighbor's cat"); 
foo.Toy t3 = new foo.Toy(); 
t3.setName("Barbie™ doll head"); 
d.setToys(new foo.Toy[]{t1, t2, t3}); 
p.setDog(d); 

request.setAttribute("person", p); 


Compose the EL for this output: 

Leelu's dog Clyde's toys are: 
stick, neighbor's cat, and a 
Barbie™ doll head 


${person.name}'s dog ${person.dog.name}'s toys are: ${person.dog.toys[0].name}, 
${person.dog.toys[1].name}, and a ${person.dog.toys[2].name} 
Five Minute 
Mystery 


The Case of the Missing Content 

Documents-R-Us has created a content management 
system used primarily for creating tutorials for 
desktop applications. Part of the application allows 
content developers to create "Tip of the Day" chunks 
of content, which are stored in the request-scoped 
attribute currentTip. For example, if the tip was 
"Wash your hair every other day," then the screen 
would include a box like this: 


Tip of the Day: 

Wash your hair every other day. 


The JSP code for this tip box is: 

<div class='tipBox'> 

<b>Tip of the Day:</b> <br /> <br /> 
${pageContent.currentTip} 

</div> 


A new client is trying to create a tutorial using the 
system, but can't seem to get the tips to display 
correctly. For example, the tip "<b></b> tags make 
things bold!" is rendered like this: 


Tip of the Day: 

tags make things bold! 


"What gives?" exclaims Tawny, the client's lead JSP developer. 
"Where did the beginning of the tip go? Why didn't the bold 
tags get displayed?" She issues a bug report immediately to 
Documents-R-Us. 

What do you think? Did the bold tags get sent to the 
output stream? Why aren't they being displayed? 
raw html 


EL renders raw text, including HTML 


The mystery is solved when you look at 
the actual HTML that is generated... 


<div class='tipBox'> 

<b>Tip of the Day:</b> <br/> <br/> 
${pageContent.currentTip} 

</div> 


So, the "<b></b>" portion of the tip 
is being sent in the output stream, but 
the web browser is simply rendering it 
as raw HTML by bolding an empty 
space on the page. 

So, of course the user does not see the 
"<b></b>" tags on the screen. 


HTML that's generated 

<div class='tipBox'> 

<b>Tip of the Day:</b> <br/> <br/> 
<b></b> tags make things bold! 

</div> 


The same is true for JSP expression tags... 


FLEX YOUR MIND 

OK, so the tip string is being sent to the output stream, but 
Documents-R-Us wants to convert HTML special characters into 
a format that is rendered properly in their tips. So we want to 
send "&lt;" in order for the user to see the actual < character in 
the browser and "&gt;" to produce the > character. 


How would you accomplish this? 
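
One way to do the conversion on the server, as an added example that is not the book's own answer: a plain Java class with a public static method that replaces the HTML special characters in the tip before it is written into the page. The names TipEscaper, escapeHtml and renderTipBox are hypothetical; the method is public and static, which is the shape the EL function steps later in this chapter call for.

```java
public class TipEscaper {

    /**
     * Replaces the characters that HTML treats as markup with character
     * entities, so the browser displays them instead of interpreting them.
     */
    public static String escapeHtml(String text) {
        if (text == null) {
            return "";                  // render a missing tip as empty, not "null"
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                // '&' must be escaped too, or a tip that contains "&lt;" would display as "<".
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                // Quotes matter when the value ends up inside an HTML attribute.
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Builds the tip box shown on the page, with the tip escaped. */
    public static String renderTipBox(String currentTip) {
        return "<div class='tipBox'>\n"
             + "<b>Tip of the Day:</b> <br/> <br/>\n"
             + escapeHtml(currentTip) + "\n"
             + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample tips; the first is the tip from the mystery.
        String[] tips = {
            "<b></b> tags make things bold!",
            "Use &lt; to show a less-than sign",
            "Wash your hair every other day."
        };
        for (String tip : tips) {
            System.out.println(renderTipBox(tip));
            System.out.println();
        }
    }
}
```

The markup the template itself writes (the div and the bold label) is left alone; only the tip value, which comes from content developers, is escaped.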
Remember that my HTML form 
action goes straight to the 
JSP... is there a way I can use the 
request parameters just using EL? 


The EL implicit objects 

Remember, EL has some implicit objects. But these 
are not the same as the JSP implicit objects (except 
for one, pageContext). Here's a quick list; we'll look 
at some of them in more detail on the next few pages. 
You'll notice that all but one (pageContext again) are 
simple Maps: name/value pairs. 


pageScope 
requestScope 
sessionScope 
applicationScope 
(Maps of the scope attributes) 


param 
paramValues 
(Maps of the request parameters) 


header 
headerValues 
(Maps of the request headers) 


cookie 
(could it be a Map of cookies?) 


pageContext 
(a bean with getter methods) 
Request parameters in EL 

Piece of cake. The param implicit object is fine when you know you have only 
one parameter for that particular parameter name. Use paramValues when you 
might have more than one parameter value for a given parameter name. 


In the HTML form 

<form action="TestBean.jsp"> 

Name: <input type="text" name="name"> 

ID#: <input type="text" name="empID"> 

First food: <input type="text" name="food"> 
Second food: <input type="text" name="food"> 

<input type="submit"> 

</form> 


In the JSP 

Request param name is: ${param.name} 
Request param empID is: ${param.empID} 
Request param food is: ${param.food} 

First food request param: ${paramValues.food[0]} 
Second food request param: ${paramValues.food[1]} 

Request param name: ${paramValues.name[0]} 

(Even though there might be multiple values for the "food" 
parameter, you can still use the single param implicit object, but you'll 
get only the first value.) 


In the client's browser (client fills in 
the form and hits the submit button) 


The response 

Request param name is: Fluffy 
Request param empID is: 423 
Request param food is: Sushi 
First food request param: Sushi 
Second food request param: Macaroni & 
Cheese 

Request param name: Fluffy 
What if you want more information from the request? 

What if you want, say, the server host information that comes with the "host" header in 
the request? If you look in the HttpServletRequest API, you can see a getHeader(String) 
method. We know that if we pass "host" to the getHeader() method, we'll get back 
something like: "localhost:8080" (because that's where the web server is). 


Getting the "host" header 

We know we can do it with scripting 

Host is: <%= request.getHeader("host") %> 


But with EL, we've got the header implicit object 

Host is: ${header["host"]} 

Host is: ${header.host} 

(Use either access operator. Note: there's also a headerValues 
implicit object, for headers with multiple values.) 


Getting the HTTP request method 

Uh-oh. This is a little trickier... there's a method in the 
HttpServletRequest API for getMethod(), that returns GET, POST, etc. 
But how do I get it using EL? 


We know we can do it with scripting 

Method is: <%= request.getMethod() %> 


But with EL, this will NOT work 

Method is: ${request.method} 

(NO! NO! NO! There is no implicit request object.) 


And this will NOT work 

Method is: ${requestScope.method} 


Can you figure out how to do it? 

Hint: look at the other implicit objects. 
scope maps are NOT the real object 


The requestScope is NOT the request object 

The implicit requestScope is just a Map of the request scope attributes, 
not the request object itself! What you want (the HTTP method) is a 
property of the request object, not an attribute at request scope. In other 
words, you want something that comes from calling a getter method on 
the request object (if we treat the request object like a bean). 

But there is no request implicit object, only requestScope! What to do? 

You need something else... 


Use requestScope to get request 
ATTRIBUTES, not request PROPERTIES. 
For request properties, you need to go 
through pageContext. 


Use pageContext to get to everything else... 

Method is: ${pageContext.request.method} 

pageContext has a request property 
request has a method property 


Watch it! Don't confuse the Map scope objects with the objects to which 
the attributes are bound. 

It's so easy to think that, say, applicationScope is a reference to 
ServletContext, since that's where application-scoped attributes are bound. 
But just as with requestScope and the request object, the scope Map for 
application-scoped attributes is just a Map of attributes, and nothing 
more. You can't treat it like a ServletContext, so don't expect to get 
ServletContext properties back from the applicationScope implicit object! 
Scope implicit objects can save you 

If all you need is to print the name of a person, and you really 
don't care what scope the person is in (or, you do care, but you 
know there's only one person out of all four scopes), you just 
use: 

${person.name} 


Or, if you're worried about a potential naming conflict, you 
can be explicit about which person you want: 

${requestScope.person.name} 

But is there another reason you might have to preface the 
attribute with the implicit scope object? Other than to 
control...scoping? 

Think about this scenario: if you have a name that's not 
in quotes in brackets [ ], that means it MUST adhere to 
Java naming rules, right? Here, we're OK, because person 
is a perfectly legal Java variable name. But that's because 
somewhere, someone said, 


request.setAttribute("person", p); 


But an attribute name is a String! 

Strings don't follow Java variable name rules! 


That means someone could say: 

request.setAttribute("foo.person", p); 

And then you'd be in trouble, because THIS won't work: 

${foo.person.name} 


But you'll be so thankful for scope objects, because using a 
scope object lets you switch to the [ ] operator, that can take 
String names that don't conform to Java naming rules. 

${requestScope["foo.person"].name} 
Getting Cookies and init params 

We've looked at all the implicit objects except cookies and init params, so here 
we are. And yes, any of the implicit objects can show up on the exam. 


Printing the value of the "userName" Cookie 

We know we can do it with scripting 

<% Cookie[] cookies = request.getCookies(); 
   // getCookies() returns null when the request carries no cookies 
   if (cookies != null) { 
      for (int i = 0; i < cookies.length; i++) { 
         if ((cookies[i].getName()).equals("userName")) { 
            out.println(cookies[i].getValue()); 
         } 
      } 
   } %> 

(This is kind of a pain, because the 
request object does NOT have a 
getCookie(cookieName) method! We 
have to get the whole Cookie array and 
iterate through it ourselves.) 


But with EL, we've got the cookie implicit object 

${cookie.userName.value} 

(WAY easier. Just give it the name, and the value 
comes back from the Map of Cookie names/values.) 


Printing the value of a context init parameter 

We have to configure the parameter in the DD 

<context-param> 
<param-name>mainEmail</param-name> 
<param-value>likewecare@wickedlysmart.com</param-value> 
</context-param> 

(Remember, this is how you configure 
context (app-wide) parameters. These 
are NOT the same as servlet init params.) 


We know we can do it with scripting 

email is: <%= application.getInitParameter("mainEmail") %> 


And with EL, it's even easier 

email is: ${initParam.mainEmail} 


Watch it! The EL initParam is NOT 
for params configured 
using <init-param>! 

Here's what's confusing: servlet init params are 
configured using <init-param> while context params 
use <context-param>, but the EL initParam is 
for context params! Had they consulted us, we 
would have suggested that the spec designers might 
want to name it "contextParam"... 
EL is wonderful... but sometimes 
I need functionality, not just 
attribute or property values. If 
only there were a way to have an EL 
expression call a Java method that 
returns a value...then I would 
be happy. 


She doesn't know about EL functions 

When you need a little extra help from, say, a Java method, 
but you don't want scripting, you can use an EL function. It's 
an easy way to write a simple EL expression that calls a static 
method in a plain old Java class that you write. Whatever the 
method returns is used in the expression. It does take a tiny 
bit more work to configure things, but functions give you a 
lot more... functionality. 
functions in EL

Imagine you want your JSP to roll dice

You've decided it would be awesome to have a web-based dice-rolling
service. That way, instead of hunting around behind desks and in the
sofa cushions for real dice, a user could just go to your web page, click on
the virtual dice, and voila! They roll! (Of course, you have no idea that a
Google search will probably bring up, oh, about 4,426 sites that do this.)

(1) Write a Java class with a public static method.

This is just a plain old Java class. The method MUST be public and static, and it can
have arguments. It should (but isn't required to) have a non-void return type. After all,
the whole point is to call this from a JSP and get something back that you can use as
part of the expression or to print out.

Put the class file in the /WEB-INF/classes directory structure (matching the appropriate
package directory structure, just like you would with any other class).

(2) Write a Tag Library Descriptor (TLD) file.

For an EL function, the TLD provides a mapping between the Java class that defines the
function and the JSP that calls the function. That way, the function name and the actual
method name can be different. You might be stuck with a class with a really stupid method
name, for example, and maybe you want to provide a more obvious or intuitive name to
page designers using EL. No problem—the TLD says, "This is the Java class, this is the
method signature for the function (including return type), and this is the name we'll use in
EL expressions". In other words, the name used in EL doesn't have to be the same as the
actual method name, and the TLD is where you map that.

Put the TLD file inside the /WEB-INF directory. Name it with a .tld extension. (There are
other places the TLD can go; we'll talk about that in the next two chapters.)

(3) Put a taglib directive in your JSP.

The taglib directive tells the Container, "I'm going to use this TLD, and in the JSP, when I want
to use a function from this TLD, I'm going to prefix it with this name." In other words, it lets
you define the namespace. You can use functions from more than one TLD, and even if the
functions have the same name, that's OK. The taglib directive is kind of like giving all your
functions fully-qualified names. You invoke the function by giving both the function name AND
the TLD prefix. The prefix can be anything you like.

(4) Use EL to invoke the function.

This is the easy part. You just call the function from an expression using ${prefix:name()}
The function class, the TLD, and the JSP

The class with the function

The function method MUST be public AND static.

package foo;

public class DiceRoller {

    // Returns a whole number from 1 to 6
    public static int rollDice() {
        return (int) ((Math.random() * 6) + 1);
    }
}

The Tag Library Descriptor (TLD) file

<?xml version="1.0" encoding="ISO-8859-1" ?>

<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        web-jsptaglibrary_2_0.xsd" version="2.0">

  <tlib-version>1.2</tlib-version>

  <uri>DiceFunctions</uri>

  <function>
    <name>rollIt</name>
    <function-class>foo.DiceRoller</function-class>
    <function-signature>
      int rollDice()
    </function-signature>
  </function>

</taglib>

We'll talk more about TLDs in the next two chapters.

The uri in the taglib directive tells the Container the name of
the TLD (which does NOT have to be the name of the file), which the
Container needs so it knows which method to call when the JSP invokes
the EL function.
deploying an app with static functions

The only thing that's new here is the "myFunctions.tld" file. It has to be
somewhere within WEB-INF or one of its subdirectories (unless it's deployed in a
JAR file, but we'll talk about that later in the book). Here, because this app is so
simple, we have both the DD (web.xml) and the TLD (myFunctions.tld) at the top
level of WEB-INF, but you could organize them into subdirectories.

The key point is that the class with the function MUST be available to the
app, so... for now, you know that putting it inside WEB-INF/classes will work.
And remember that in the taglib directive in the JSP, we specified a URI that
matches the URI declared in the TLD. For now, think of the URI as simply
whatever you decided to name the TLD. It's just a name. In the next
chapter on using custom tags, we'll go into all the details about TLDs and URIs.

<%@ taglib prefix="mine" uri="DiceFunctions"%>

This is an identifier that must match
the <uri> inside the TLD.

[Figure: the deployed files myFunctions.tld, web.xml and DiceRoller.class]

myFunctions.tld: declares the function class, method signature,
and function name.

DiceRoller.class: the Java class with the function (a public
static method).

The class with the function
(the public static method)
must be available to the web
app just like servlet, bean,
and listener classes. That
means somewhere in
WEB-INF/classes...

Put the TLD file somewhere
under WEB-INF, and make
sure the taglib directive
in the JSP includes a uri
attribute that matches the
<uri> element in the TLD.
Dumb Questions

Q: A regular scriptlet expression MUST
return something. If you say <%= foo.getFoo() %>,
getFoo() must NOT have a void
return type. (At least that's what you said
earlier.) So I'm thinking it's the same with EL
functions?

A: No! It's NOT the same with EL functions,
although just about everybody finds that... surprising.
Think about this—if you're calling an
EL function that doesn't return anything, then
you're calling it just for its side effects! Given
that part of the goal for EL is to reduce the
amount of logic in a JSP (a JSP is supposed to
be the VIEW!), invoking an EL function just for
its side effects doesn't sound like a good idea.

Q: How did the Container find the TLD?
The URI doesn't match the path or file name
of the TLD. Was this a miracle?

A: Just the question we were hoping
someone would ask. Yes, you're right—we never
did tell the Container exactly where to find
the real TLD file. When the app is deployed,
the Container searches through WEB-INF and
its subdirectories (or in JAR files within
WEB-INF/lib) looking for .tld files. When it finds one,
it reads the URI and creates a map that says,
"The TLD with this URI is actually this file at this
location..." There's a little more to the story that
we'll cover in the next chapter.

Q: Can an EL function have arguments?

A: Definitely. Just remember in the TLD to
specify the fully-qualified class name (unless
it's a primitive) for each argument. A function
that takes a Map would be:

<function-signature>
  int rollDice(java.util.Map)
</function-signature>

And call it with ${mine:rollDice(aMapAttribute)}
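
The userName cookie printed earlier with ${cookie.userName.value} is client-supplied, so it should be HTML-encoded before it reaches the page, and an EL function with one argument can do that. This is an added example, not code from the book; the class name HtmlEscaper, the method name escape and the function name escapeHtml are assumptions.

```java
package foo;

/*
 * Added example, not code from the book. The names HtmlEscaper, escape
 * and escapeHtml are assumptions made for this example.
 *
 * TLD entry (the argument type is fully qualified, and the function
 * name differs from the method name):
 *
 *   <function>
 *     <name>escapeHtml</name>
 *     <function-class>foo.HtmlEscaper</function-class>
 *     <function-signature>
 *       java.lang.String escape(java.lang.String)
 *     </function-signature>
 *   </function>
 *
 * JSP usage, with the prefix and uri from the dice example:
 *
 *   <%@ taglib prefix="mine" uri="DiceFunctions" %>
 *   Welcome back, ${mine:escapeHtml(cookie.userName.value)}
 */
public class HtmlEscaper {

    // Must be public AND static to be callable as an EL function.
    public static String escape(String raw) {
        if (raw == null) {
            return "";   // missing cookie or attribute: print nothing
        }
        StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-alone check with constructed sample values (no Container needed).
    public static void main(String[] args) {
        String[] samples = {
            "Kathy",
            "<b>Kathy</b>",
            "Bert & \"Ernie\"",
            null
        };
        for (String s : samples) {
            System.out.println(escape(s));
        }
    }
}
```

JSTL's fn:escapeXml() function and the <c:out> tag provide the same encoding without a custom class.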


Watch it!

The METHOD name is not the
same as the FUNCTION name!

Memorize the relationships between the class, the
TLD, and the JSP. Most importantly, remember that the
METHOD name does NOT have to match the FUNCTION name.
What you use in EL to invoke the function must
match the <name> element in the <function> declaration
in the TLD. The element for <function-signature> is there
to tell the Container which method to call when the JSP
uses the <name>.

And the only place the class name appears (besides the
class declaration itself) is in the <function-class> element.

Oh, and while we're here, did you notice that everything

<function>
  <function-name>rollIt</function-name>
  <function-class>foo.DiceRoller</function-class>
  <function-signature>
    int rollDice()
  </function-signature>
</function>

The correct tag for the function name is <name>!

<function>
  <name>rollIt</name>
  <function-class>foo.DiceRoller</function-class>
  <function-signature>
    int rollDice()
  </function-signature>
</function>
And a few other EL operators...

You probably won't (and shouldn't) do calculations and logic from EL. Remember,
a JSP is the View, and the View's job is to render the response, not to make Big
Important Decisions or do Big Processing. If you need real functionality, that's
normally the job of the Controller and Model. For lesser functionality, you've got
custom tags (including the JSTL tags) and EL functions.

But... for little things, sometimes a little arithmetic or a simple boolean test might
come in handy. So, with that perspective, here's a look at the most useful EL
arithmetic, relational, and logical operators.

Arithmetic (5)

Addition:                   +
Subtraction:                -
Multiplication:             *
Division:                   / and div
Remainder:                  % and mod

Logical (3)

AND:                        && and and
OR:                         || and or
NOT:                        ! and not

Relational (6)

Equals:                     == and eq
Not equals:                 != and ne
Less than:                  < and lt
Greater than:               > and gt
Less than or equal to:      <= and le
Greater than or equal to:   >= and ge

By the way, you CAN divide by zero in EL (you get Infinity, not an error),
but you CANNOT use the remainder operator against a zero (you'll get an
exception).

Watch it!

Don't use EL reserved words
as identifiers!

You can already see 11 of them on this page: the
alternate "words" for the relational, logical, and some
arithmetic operators.

true          a boolean literal
false         the OTHER boolean literal
null          it means, null
instanceof    (this is reserved for "the future")
empty         an operator to see if something is null or
              empty (e.g. ${empty A}) returns true if A is
              null or empty (you'll see this in action a little
              later in the chapter)
Look at the servlet code, then figure out what prints next to each EL expression.
You'll have to guess in a few places, since we haven't covered every possible rule.
This exercise will help you figure out how EL behaves. Hint: EL is flexible and forgiving.
Another hint: the actual nine answers are printed at the bottom of this page upside
down, but they are NOT in any order. But if you really need help, at least you'll
have the nine answers and you can use elimination to figure out where they all go.

Given this servlet code:

String num = "2";
request.setAttribute("num", num);

Integer i = new Integer(3);
request.setAttribute("integer", i);

java.util.ArrayList list = new java.util.ArrayList();
list.add("true");
list.add("false");
list.add("2");
list.add("10");
request.setAttribute("list", list);

What prints for each of these?

- ${num > 3}

- ${integer le 12}

- ${requestScope["integer"] ne 4 and 6 le num || false}

- ${list[0] || list["1"] and true}

- ${num > integer}

- ${num == integer-1}

Assume that the Dog bean class is available.

<jsp:useBean class="foo.Dog" id="myDog" >
  <jsp:setProperty name="myDog" property="name" value="${list[1]}" />
</jsp:useBean>

- ${myDog.name and true}

- ${42 div 0}
Given this servlet code:

String num = "2";
request.setAttribute("num", num);

Integer i = new Integer(3);
request.setAttribute("integer", i);

java.util.ArrayList list = new java.util.ArrayList();
list.add("true");
list.add("false");
list.add("2");
list.add("10");
request.setAttribute("list", list);

What prints for each of these?

false
false
true
false
true

${num > 3}
${integer le 12}
${requestScope["integer"] ne 4 and 6 le num || false}
${list[0] || list["1"] and true}
${num > integer}
${num == integer-1}

<jsp:useBean class="foo.Dog" id="myDog" >
  <jsp:setProperty name="myDog" property="name" value="${list[1]}" />
</jsp:useBean>

${myDog.name and true}
${42 div 0}

You can use EL inside a tag!
EL handles null values gracefully

A key design decision the developers of EL came up with
is to handle null values without throwing exceptions.
Why? Because they figured "it's better to show a partial,
incomplete page than to show the user an error page."

Assume that there is not an attribute named "foo", but
there IS an attribute named "bar", but that "bar" does
not have a property or key named "foo".

EL                    What prints

${foo}
${foo[bar]}
${bar[foo]}
${foo.bar}

Nothing prints out for these expressions.

${7 + foo}            7
${7 / foo}            Infinity
${7 - foo}            7
${7 % foo}            Exception is thrown

In arithmetic expressions, EL treats the unknown variable as "zero".

${7 < foo}            false
${7 == foo}           false
${foo == foo}         true
${7 != foo}           true
${true and foo}       false
${true or foo}        true
${not foo}            true

In logical expressions, EL treats the unknown variable as "false".

EL is null-friendly. It
handles unknown or null
values so that the page still
displays, even if it can't
find an attribute/property/
key with the name in the
expression.

In arithmetic, EL treats the
null value as "zero".

In logical expressions, EL
treats the null value as
"false".
JSP Expression Language (EL) review

■ EL expressions are always within curly braces,
and prefixed with a dollar ($) sign: ${expression}

■ The first named variable in the expression is
either an implicit object or an attribute in one of
the four scopes (page, request, session, or application).

■ The dot operator lets you access values by using
a Map key or a bean property name, for example
${foo.bar} gives you the value of bar, where bar
is the name of a Map key into the Map foo, or bar
is the property of bean foo. Whatever comes to
the right of the dot operator must follow normal
Java naming rules for identifiers! (In other words,
must start with a letter, underscore, or dollar
sign, can include numbers after the first character,
but nothing else, etc.)

■ You can NEVER put anything to the right of the
dot that wouldn't be legal as a Java identifier. For
example, you can't say ${foo.1}

■ The [ ] operator is more powerful than the dot,
because it lets you access arrays and Lists, and
you can put other expressions including named
variables within the brackets, and you can nest
them to any level you can stand.

For example, if musicList is an ArrayList, you
can access the first value in the list by saying
${musicList[0]} OR ${musicList["0"]}. EL doesn't
care if you put quotes around the list index.

■ If what's inside the brackets is not in quotes, the
Container evaluates it. If it is in quotes, and it's
not an index into an array or List, the Container
sees it as the literal name of a property or key.

■ All but one of the EL implicit objects are Maps.
From the Map implicit objects you can get
attributes from any of the four scopes, request
parameter values, header values, cookie values,
and context init parameters. The non-map implicit
object is pageContext, which is a reference
to the PageContext object.

■ Don't confuse the implicit EL scope objects
(Maps of the attributes) with the objects to which
the attributes are bound. In other words, don't
confuse the requestScope implicit object with
the actual JSP implicit request object. The
only way to access the request object is by
going through the pageContext implicit object.
(Although some of what you might want from the
request is already available through other EL
implicit objects, including param/paramValues,
header/headerValues, and cookie.)

■ EL functions allow you to call a public static
method in a plain old Java class. The function
name does not have to match the actual method
name! For example, ${foo:rollIt()} does not mean
that there must be a method named rollIt() in a
class that has a function.

■ The function name (e.g. rollIt()) is mapped to
a real static method using a TLD (Tag Library
Descriptor) file. Declare a function using the
<function> element, including the <name> of
the function (rollIt()), the fully-qualified
<function-class>, and the <function-signature> which
includes the return type as well as the method
name and argument list.

■ To use a function in a JSP, you must declare the
namespace using a taglib directive. Put a prefix
attribute in the taglib directive to tell the Container
the TLD in which the function you're calling
can be found. Example:

<%@ taglib prefix="mine" uri="/WEB-INF/foo.tld"%>
Reusable template pieces

You have headers on every page on your web
site. They're always the same. You have the
same footer on every page as well. How stupid
would it be to code in the same header and
footer tags into every JSP in your web app?

If you're thinking like a Java programmer
(which of course you are), you know that
doing that is about as un-OO as it gets.

The thought of all that duplicate code
probably makes you feel a little sick. What
happens when the site designer makes, oh, a
tiny little change to the header or footer?

You have to propagate the change everywhere.

Relax. There's a mechanism for handling this in
a JSP: it's called include. You write your JSP
in the usual way, except that instead of putting
the reusable stuff explicitly into the JSP you're
authoring, you instead tell the Container to
include the other file into the existing page, at
the location you select. It's kind of like saying:

<html><body>
<!-- insert the header file here -->
Welcome to our site...
blah blah blah more stuff here...
<!-- insert the footer file here -->
</body></html>

In this section we'll look at two different include
mechanisms: the include directive and the
<jsp:include/> standard action.
The include directive

The include directive tells the Container one thing: copy everything in the
included file and paste it into this file, right here...

Standard header file (“Header.jsp”)

<html><body>
<img src="images/Web-Services.jpg" > <br>
<em><strong>We know how to make SOAP suck less.</strong></em> <br>
</body></html>

A JSP from the web app (“Contact.jsp”)

<html><body>
<%@ include file="Header.jsp"%>
<br>
<em>We can help.</em> <br><br>
Contact us at: ${initParam.mainEmail}
</body></html>
<jsp:include> standard action

The <jsp:include> standard action

The <jsp:include> standard action appears to do the same
thing as the include directive.

Standard header file (“Header.jsp”)

<html><body>
<img src="images/Web-Services.jpg" > <br>
<em><strong>We know how to make SOAP suck less.</strong></em> <br>
</body></html>

A JSP from the web app (“Contact.jsp”)

<html><body>
<jsp:include page="Header.jsp" />
<br>
<em>We can help.</em> <br><br>
Contact us at: ${initParam.mainEmail}
</body></html>

[Browser screenshot: http://localhost:8080/tests/Contact.jsp]
They're NOT the same underneath...

The <jsp:include /> standard action and the include directive look the same, and
often give the same result, but take a look at the generated servlets. We took this code
directly out of the _jspService() method from Tomcat's generated servlet code...

Generated servlet code for the header file

out.write("\r<html>\r<body>\r<img src=\"images/Web-Services.jpg\" > <br>\r<em><strong>We know how to make SOAP suck less.</strong></em> <br>\r\r</body>\r</html>\r");

Generated servlet for the JSP using the include directive

The second out.write() here (in bold in the original) is EXACTLY the same as
the generated code for the header file.

out.write("<html><body>\r");
out.write("\r<html>\r<body>\r<img src=\"images/Web-Services.jpg\" > <br>\r<em><strong>We know how to make SOAP suck less.</strong></em> <br>\r\r</body>\r</html>\r");
out.write("\r<br>\r\r\r<em>We can help.</em> <br><br>\r\rContact us at: ");
out.write((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${initParam.mainEmail}", java.lang.String.class, (PageContext)_jspx_page_context, null, false));
out.write("\r\r\r</body></html>");

Generated servlet for the JSP using the <jsp:include /> standard action

This is different! The original Header.jsp file is NOT inside the
generated servlet. Instead, it's some kind of runtime call.

out.write("<html><body>\r");
org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, "Header.jsp", out, false);
out.write("\r<br>\r\r\r<em>We can help.</em> <br><br>\r\rContact us at: ");
out.write((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${initParam.mainEmail}", java.lang.String.class, (PageContext)_jspx_page_context, null, false));
out.write("\r\r\r</body></html>");
include directive vs. standard action

The include directive happens at translation time
<jsp:include> happens at runtime

With the include directive, there is NO difference between you opening your
JSP page and pasting in the contents of "Header.jsp". In other words, it really is
just as though you duplicated the code from the header file into your other JSP.
Except the Container does it at translation time for you, so that you don't have
to duplicate the code everywhere. You can write all your pages with an include
directive, and the Container will go through the trouble of copying the header
code into each JSP before translating and compiling the generated servlet.

But <jsp:include> is a completely different story. Rather than copying in the
source code from "Header.jsp", the include standard action inserts the response
of "Header.jsp", at runtime. The key to <jsp:include> is that the Container is
creating a RequestDispatcher from the page attribute and applying the include()
method. The dispatched/included JSP executes against the same request and
response objects, within the same thread.

The include directive inserts the SOURCE of
"Header.jsp", at translation time.
But the <jsp:include /> standard action inserts
the RESPONSE of "Header.jsp", at runtime.

Q: So why wouldn't you always use
<jsp:include>? That way you can guarantee
you'll always have the latest content.

A: Think about it. There's an extra performance
hit with every <jsp:include>. With
the directive, on the other hand, the hit happens
only once—when the including page is
translated. So if you're pretty sure that once
you go to production the included file won't
change, the directive might be the way to
go. Of course there's still the tradeoff that
the generated servlet class is a little larger
when you use the directive.

Q: I tried this with Tomcat—I made a
static HTML file, and included it with the
directive. Then I changed the HTML file,
without redeploying or anything, and the
output from the JSP reflected the difference!
So if that's the case, then why ever
use <jsp:include>?

A: Ahhh... you have a friendly Container
(like Tomcat 5). Yes, most of the newer Containers
have a way of detecting when the
included files have changed, and they do
retranslate the including file and everything's
great. The problem is that this is NOT
GUARANTEED BY THE SPEC! So if you write
your code to depend on it, your app won't
necessarily be portable to other Containers.
The include directive at first request

With the include directive, the Container has a lot of work to do, but only on
the first request. From the second request on, there's no extra runtime overhead.

[Figure: Client, "request Contact.jsp", Container, Contact.jsp, Header.jsp]

The client makes a request for
Contact.jsp, which has not been
translated. The Container reads
the Contact.jsp page to start the
translation process.

The Container sees the include
directive, and combines the
source code of Header.jsp and
Contact.jsp, and creates/translates
that into a Java source file for the
generated servlet.

[Figure: Container compiles Contact_jsp.java into Contact_jsp.class;
Contact.jsp, Header.jsp]

The Container compiles the
translated source file into a servlet
class. It's just like any other servlet
at this point, and the previous step
never has to happen again unless
Contact.jsp changes (or if your
Container is smart and can tell
that the included Header.jsp has
changed).

To complete the request, the
Container loads the newly-compiled
class, initializes a servlet
(instantiates the servlet, then calls
init() on the new object), allocates
a thread for the request, and
calls the _jspService() method.
From the second request on, the
Container does only step (C):
allocates a thread and calls the
_jspService() method.
<jsp:include /> standard action

The <jsp:include> standard action at first request

With the include standard action, there's less work at translation time, and
more work with each request, especially if the included file is a JSP.

The client makes a request for Contact.jsp,
which has not been translated. The
Container reads the Contact.jsp page to
start the translation process.

The Container sees the include standard
action and uses that to insert a method
call in the generated servlet code
that—at runtime—will dynamically
combine the response from Header.jsp
into the response from Contact.jsp.
The Container generates servlets
for both JSP files. (This is not dictated
by the spec, so we're showing only an
example of how it could work.)

The Container compiles the translated
source file into a servlet class. It's
just like any other servlet at this point.
The generated servlet class file is
loaded into the Container's JVM and is
initialized. Next, the Container allocates
a thread for the request and calls the
JSP's _jspService() method.

[Figure: Header.jsp is translated to Header_jsp.java and compiled to
Header_jsp.class]

The Contact servlet hits the method
that does the dynamic include, and
something vendor-specific happens!

All we care about is that the response
generated by the Header servlet is
combined with the response from the
Contact servlet (at the appropriate
place). (NOT SHOWN: at some point the
Header.jsp is translated and compiled,
then the generated servlet class is
loaded and initialized.)
Watch it!

The attribute names are
different for the include
directive and <jsp:include/>

Memorize this! Look at the attributes for the two include
mechanisms; what's different?

<%@ include file="Header.jsp"%>

<jsp:include page="Header.jsp" />

The directive attribute is file, but the standard action attribute is
page! To help you remember: the include directive
<%@ include file="foo.jsp" %> is used only at
translation time (as with all directives). And when translating,
the Container cares only about files. The <jsp:include>
standard action happens at runtime,
when the Container cares about pages to be executed.

Q: Can the included JSP have its own dynamic
content? In your examples, the Header.jsp might as well
have been a static Header.html page.

A: It's a JSP, so yes it can be dynamic (but you're right—
in our example we could have made the header a static
HTML page and it would have worked in exactly the same
way). There are a few limitations, though: an included page
CANNOT change the response status code or set headers
(which means it can't call, say, addCookies()). You won't get
an error if the included JSP tries to do things it can't; you
just won't get what you asked for.

Q: But if the included thing is dynamic, and you're
using the static include directive, does that mean that the
dynamic stuff is evaluated only once?

A: Let's say you include a JSP that has an EL expression
that calls the rollIt function that generates a random number.
Remember, with the include directive, that EL expression
is simply copied into the includING JSP. So each time that
page is accessed, the EL expression runs and a new random
number is generated. Burn this in: with the include directive,
the source of the included thing becomes PART of the page
with the include directive.

Watch it!

The include directive is
position-sensitive!

This is the only directive whose position in
the JSP actually matters. With a page directive,
for example, you can put it anywhere in the
page, although by convention most people put
page directives at the top.

But the include directive tells the Container
where to insert the source from the included file.
For example, if you're including
both a header and a footer, it might look
something like this:

<html><body>
<%@ include file="Header.html"%> <br>
<em>We can help.</em> <br><br>
Contact us at: ${initParam.mainEmail} <br>
<%@ include file="Footer.html"%>
</body></html>

And, yes, the <jsp:include> is of course
ALSO position-sensitive, but that's more
obvious than with the include directive.
reusable components

HELLO! Did you actually
LOOK at the generated
servlet code for the include
directive? You've got nested
HTML and BODY tags! That's
wrong and stupid.

Uh-oh. She's right...

Think about what we did. We made a page for the header, "Header.jsp".
It was a nice JSP all on its own, complete with its opening and
closing HTML and BODY tags. Then we made the "Contact.jsp"
and it, too, had nice opening and closing tags. Well, didn't we say that
everything in the included file is pasted (virtually) into the page with the
include? That means everything.

The code below, from the generated servlet, will NOT work in all
browsers. It worked in ours because we got lucky.

out.write("<html><body>\r");
out.write("\r<html>\r<body>\r<img src=\"images/Web-Services.jpg\" > <br>\r<em><strong>We know how to make SOAP suck less.</strong></em> <br>\r\r</body>\r</html>\r");
out.write("\r<br>\r\r\r<em>We can help.</em> <br><br>\r\rContact us at: ");
out.write((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${initParam.mainEmail}", java.lang.String.class, (PageContext)_jspx_page_context, null, false));
out.write("\r\r\r</body></html>");

Do NOT put opening and closing HTML and
BODY tags within your reusable pieces.

Design and write your layout template chunks
(nav bars, etc.) assuming they
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The way we SHOULD have done it 

Hen: wv look tin* ((polling and closing lags out of the included file*. This 
i/ort mean that the included files can no longer generate valid HTML 
pages on iheir own; they now rfr/irW on being included in something 
bigger. Something with <htnil><body> and </body></html> tags. But 
that's the point you're designing these reusable chunks so that you can 
compose complete layouts from smaller pieces, without duplicating the 
code by hand These reusable chunks aren't meant to live on their own. 


(1) Header file ("Header.jsp")

<img src="images/Web-Services.jpg" > <br>
<em><strong>We know how to make SOAP suck less.</strong></em> <br>


(2) Contact.jsp

<html><body>
<%@ include file="Header.jsp"%>
<br>
<em>We can help.</em> <br><br>
Contact us at: ${initParam.mainEmail}
<%@ include file="Footer.html"%>
</body></html>


Notice we took out all the HTML and BODY tags from the included files.


(3) The Footer file ("Footer.html")

<a href="index.html">home page</a>




[Browser rendering of Contact.jsp]

We know how to make SOAP suck less.
We can help.
Contact us at: likewecare@wickedlysmart.com
home page


Note: this idea of stripping out the opening and closing
tags applies to BOTH include mechanisms, <jsp:include> and the
include directive.
Customizing the included content with <jsp:param>

OK, so you've got a header that's supposed to appear the same way on every page. But
what if you want to customize part of the header? What if you want, say, a context-
sensitive subtitle that's part of the header, but that changes depending on the page?

You have a couple options.

The dumb way: put the subtitle information into the main page, as, say, the first thing
in your page after the include for the header.

The smarter way: pass the subtitle information as a new request parameter to the
included page!

Why that's cool: if the subtitle information is supposed to be part of the header,
but it's a part that changes, you still want the header part of the template to make the
decision about how that subtitle should appear in the final page. In other words, let the
person who designed the header decide how the subtitle should be rendered!


JSP that does the include

<html><body>
<jsp:include page="Header.jsp" >
    <jsp:param name="subTitle" value="We take the sting out of SOAP." />
</jsp:include>
<br>
<em>Web Services Support Group.</em> <br><br>
Contact us at: ${initParam.mainEmail}
</body></html>

Look, no closing slash on the opening <jsp:include> tag!


The included header that USES the new param ("Header.jspf")

<img src="images/Web-Services.jpg" > <br>
${param.subTitle}

EL is used to get the parameter here.


Note: this idea of params
doesn't make any sense with
the include directive (which
is not dynamic), so it applies
ONLY to the <jsp:include>
standard action.
This got me thinking... If I can
include one JSP in another, what
if I wanted to forward from one JSP
to another? If the client gets to my
page and hasn't logged in, I want to
send him to a different page.



The <jsp:forward> standard action

You CAN forward from one JSP to another. Or from one
JSP to a servlet. Or from one JSP to any other resource in
your web app.

Of course, you don't usually want to do this in production,
because if you're using MVC, the View is supposed to be
the View! And the View has no business doing control
logic. In other words, it shouldn't be the View's job to
figure out if the guy is logged in or not; someone else
should have made that decision (the Controller), before
deciding to forward to the View.

But let's suspend all that good MVC judgement for the
time being, and see how we could do it, if we were to forward
from a JSP page to something else.

Why bother if you'll never do it? Well, you might one day
stumble on a problem where <jsp:forward> is a useful
solution. More importantly, like a lot of what's in the
book (and on the exam), <jsp:forward> is out there,
lurking in gazillions of JSPs that you might one day find
yourself maintaining (or ideally refactoring).
A conditional forward...

So imagine you're a JSP and you assume you're being called from a request
that includes a userName parameter. Since you're counting on that parameter,
you want to first check that the userName parameter isn't null. If it's not, no
problem, finish the response. But if the userName parameter is null, you want
to stop right here and turn the whole request over to something else, like a
different JSP that will ask for the userName.

For now, we know we can do it with scripting:


JSP with a conditional forward (Hello.jsp)

<html><body>
Welcome to our page!
<% if (request.getParameter("userName") == null) { %>
    <jsp:forward page="HandleIt.jsp" />
<% } %>
Hello ${param.userName}
</body></html>

The scriptlet tests for the userName request parameter.

If we made it this far, the userName
must have been valid! NOTHING on
this page will appear in the response if
the request is forwarded.


JSP to which the request is forwarded (HandleIt.jsp)

<html><body>
We're sorry... you need to log in again.
<form action="Hello.jsp" method="get">
Name: <input name="userName" type="text">
<input name="Submit" type="submit">
</form>
</body></html>

This is just a plain old page that gets
the request parameter input from the
user and then requests the page we were
just on, Hello.jsp.
How it runs...

The first time you request the Hello.jsp, the JSP does the
conditional test, discovers there's no value for userName,
and forwards to the HandleIt.jsp. Assuming the user types a
name into the name input field, the second request won't do
the forward, since the userName request parameter has a
non-null value.


First request for Hello.jsp (http://localhost:8080/tests/Hello.jsp)

    We're sorry... you need to log in again.
    Name: Johannes


Second request for Hello.jsp (http://localhost:8080/tests/Hello.jsp)

    Welcome to our page!
    Hello Johannes


How come the “Welcome to our page!" 
text didn't print out the first time? 
With <jsp:forward>, the buffer is
cleared BEFORE the forward

When a forward happens, the resource to which the request is
forwarded starts with a clear response buffer! In other words,
anything written to the response before the forward happens
is thrown out.

there are no Dumb Questions

Q:

This makes sense if the page is buffered... because what you
write is sent to the buffer, and the Container just clears the buffer.
But what if you commit the response BEFORE you do the forward?
Like, what happens if you write something and then call flush() on
the out object?

A:

OK, we know you're just asking this out of intellectual curiosity
since it would be a phenomenally stupid and pointless thing to do. But
you know that.

But you also know that weird things can still be on the exam, since
your too-lazy-to-learn-it co-worker might just put something this crazy
into his code, in which case you better get used to it.

You can probably think through the answer, though. If you write
something like:

<html><body>
Welcome to our page!
<% out.flush(); %>
<% if (request.getParameter("userName") == null) { %>
    <jsp:forward page="HandleIt.jsp" />
<% } %>
Hello ${param.userName}
</body></html>

The Container dutifully commits (sends) "Welcome to our page!" as the
response and then the Container sees the forward. Uh-oh. Too late.
And an IllegalStateException happens.

Except nobody will see the exception! The client just sees "Welcome to
our page!"... and nothing else. The forward throws an exception but it's
too late for the Container to take back the response, so the client sees
what was flushed, and that's it. The forward doesn't happen, the rest of
the current page doesn't happen. End of story for that page. So never
do a flush-and-forward!


NOTHING you write before
the forward will appear if the
forward happens.
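
The two points above (the Controller, not the View, should decide whether to forward, and a forward after the response is committed fails) can be shown together in a servlet. This is an added example, not code from the book: the class name, the /WEB-INF/views paths and the "authenticatedUser" session attribute are assumptions, and the check reads server-side session state because a request parameter such as userName is supplied by the client.

```java
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical controller (not from the book): it makes the
 * "is this user logged in?" decision before any view runs.
 */
public class HelloController extends HttpServlet {

    // Assumed locations. Resources under /WEB-INF cannot be requested
    // directly by a client, so the views are reachable only through here.
    private static final String LOGIN_VIEW = "/WEB-INF/views/HandleIt.jsp";
    private static final String HELLO_VIEW = "/WEB-INF/views/Hello.jsp";

    // Assumed name of the attribute the login code stores in the session
    // after it has verified the user's credentials.
    private static final String USER_ATTR = "authenticatedUser";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to ask the question.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute(USER_ATTR);

        if (user == null) {
            dispatch(LOGIN_VIEW, request, response);
            return;
        }
        // Hand the view only the value it needs, as a request attribute.
        request.setAttribute("userName", user.toString());
        dispatch(HELLO_VIEW, request, response);
    }

    /**
     * Forwards only while the response is still uncommitted. Nothing has
     * been written in doGet(), so in normal operation the guard never fires;
     * it exists so that a filter or wrapper that flushed early produces a
     * log entry instead of a silent half page.
     */
    private void dispatch(String path, HttpServletRequest request,
                          HttpServletResponse response)
            throws ServletException, IOException {
        if (response.isCommitted()) {
            // forward() would throw IllegalStateException at this point and
            // the client would keep whatever was already flushed.
            log("Response already committed; cannot forward to " + path);
            return;
        }
        RequestDispatcher view = request.getRequestDispatcher(path);
        view.forward(request, response);
    }
}
```

In the view, the name would then be written with JSTL's <c:out value="${userName}"/>, which XML-escapes its value by default, rather than with a bare ${param.userName}.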
She doesn't know about JSTL tags

When you need more functionality, something beyond what you
can get with the standard actions or EL, you don't have to resort
to scripting. In the next chapter, you'll learn how to use the JSP
Standard Tag Library 1.1 (JSTL 1.1) to do just about everything
you'll ever need, using a combination of tags and EL. Here's a
sneak peek of how to do our conditional forward without scripting.


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html><body>
Welcome to our page!
<c:if test="${empty param.userName}" >
    <jsp:forward page="HandleIt.jsp" />
</c:if>
Hello ${param.userName}
</body></html>

The taglib directive names the library where the tags are.
The <c:if> tag replaces the scriptlet if test.


By the way, you probably won't be able to run
this yet because you don't have JSTL in your web
app. We'll do that in the next chapter.
Bean-related standard action review


BULLET POINTS

■ The <jsp:useBean> standard action defines a variable that holds a reference to either an
existing bean attribute or, if the bean doesn't already exist, a new bean.

■ The <jsp:useBean> MUST have an "id" attribute which declares the variable name that'll be
used in this JSP to refer to the bean.

■ If you don't include a "scope" attribute with <jsp:useBean>, the scope defaults to page scope.

■ The "class" attribute is optional, and it declares the class type that will be used if a new bean
is created. The type must be public, non-abstract, and have a public no-arg constructor.

■ If you put a "type" attribute in <jsp:useBean>, it must be a type to which the bean can be
cast.

■ If you have a "type" attribute but do NOT have a "class" attribute, the bean must already
exist, since you haven't specified the class type that should be instantiated for the new bean.

■ The <jsp:useBean> tag can have a body, and anything in the body runs ONLY if a new bean
is created as a result of <jsp:useBean> (which means that no bean with that "id" was found in
the specified (or default) scope).

■ The main purpose of the body of <jsp:useBean> is to set the new bean's properties, using
<jsp:setProperty>.

■ <jsp:setProperty> must have a name attribute (which will match the "id" from <jsp:useBean>),
and a "property" attribute. The "property" attribute must be either an actual property name or
the wildcard "*".

■ If you don't include a "value" attribute, the Container will set the property value only if there's
a request parameter with a name that matches the property name. If you use the wildcard
("*") for the "property" attribute, the Container will set the value of all properties that have a
matching request parameter name. (Other properties won't be affected.)

■ If the request parameter name is different from the property name but you want to set the
value of the property equal to the request parameter value, you can use the "param" attribute
in the <jsp:setProperty> tag.

■ The <jsp:setProperty> action uses introspection to match the property to a JavaBean setter
method. If the property is "*", then the JSP will iterate over all request parameters to set the
JavaBean properties.

■ Property values can be Strings or primitives, and the <jsp:setProperty> standard action will
do the conversions automatically.
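
Because property="*" sets every bean property that has a matching request parameter, the set of properties that get written is decided by the request rather than by the page. The added example below (not the book's code, and not how the Container implements <jsp:setProperty>) uses the same JavaBeans introspection but binds only an explicit allowlist; the Person bean, its admin property and the parameter map are constructed for illustration.

```java
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class AllowlistBinder {

    /** Constructed sample bean; "admin" is a property no form should set. */
    public static class Person {
        private String name;
        private int age;
        private boolean admin;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public int getAge() { return age; }
        public void setAge(int age) { this.age = age; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    /**
     * Sets only the allowlisted properties that have a parameter, and
     * returns the names that were actually written. The map has the shape
     * of ServletRequest.getParameterMap().
     */
    public static Set<String> bind(Object bean, Map<String, String[]> params,
                                   Set<String> allowed)
            throws IntrospectionException, IllegalAccessException,
                   InvocationTargetException {
        Set<String> bound = new TreeSet<String>();
        // Stop at Object so that getClass() is not treated as a property.
        BeanInfo info = Introspector.getBeanInfo(bean.getClass(), Object.class);
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            Method setter = pd.getWriteMethod();
            String[] values = params.get(pd.getName());
            if (setter == null || values == null || values.length == 0
                    || !allowed.contains(pd.getName())) {
                continue;   // read-only, absent, or not allowlisted
            }
            Object converted = convert(values[0], pd.getPropertyType());
            if (converted != null) {
                setter.invoke(bean, converted);
                bound.add(pd.getName());
            }
        }
        return bound;
    }

    /** String-to-property conversion for the types this example supports. */
    private static Object convert(String raw, Class<?> type) {
        try {
            if (type == String.class) {
                return raw;
            }
            if (type == int.class || type == Integer.class) {
                return Integer.valueOf(raw.trim());
            }
            if (type == boolean.class || type == Boolean.class) {
                return Boolean.valueOf(raw.trim());
            }
        } catch (NumberFormatException e) {
            return null;    // malformed number: leave the property untouched
        }
        return null;        // unsupported type: leave the property untouched
    }

    public static void main(String[] args) throws Exception {
        // Constructed request parameters, including one the form never had.
        Map<String, String[]> params = new HashMap<String, String[]>();
        params.put("name", new String[] {"Fred"});
        params.put("age", new String[] {"42"});
        params.put("admin", new String[] {"true"});

        Person person = new Person();
        Set<String> allowed = new HashSet<String>(Arrays.asList("name", "age"));
        Set<String> bound = bind(person, params, allowed);
        System.out.println("bound=" + bound + " admin=" + person.isAdmin());
    }
}
```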
The include review


BULLET POINTS

■ You can build a page with reusable components
using one of two include mechanisms: the
include directive or the <jsp:include> standard
action.

■ The include directive does the include at
translation time, only once. So the include directive
is considered the appropriate mechanism for
including content that isn't likely to change after
deployment.

■ The include directive essentially copies everything
from within the included file and pastes it into the
page with the include. The Container combines all
the included files and compiles just one file for the
generated servlet. At runtime, the page with the
include runs exactly as though you had typed all
the source into one file yourself.

■ The <jsp:include> standard action includes the
response of the included page into the original
page at runtime. So the include standard action
is considered appropriate for including content
that may be updated after deployment, while the
include directive is not.

■ Either mechanism can include dynamic elements
(JSP code with EL expressions, for example) as
well as static HTML pages.

■ The include directive is the only position-sensitive
directive; the included content is inserted into the
page at the exact location of the directive.

■ The attributes for the include directive and
the include standard action are inconsistently
named: the directive uses "file" as the attribute
while the standard action uses a "page" attribute.

■ In your reusable components, be sure to strip
out the opening and closing tags. Otherwise, the
generated output will have nested opening and
closing tags, which not all browsers can handle.
Design and construct your reusable pieces knowing
that they'll be included/inserted into something
else.

■ You can customize an included file by setting (or
replacing) a request parameter using the
<jsp:param> standard action inside the body of a
<jsp:include>.

■ We didn't show it in this chapter, but the
<jsp:param> can be used inside the body of a
<jsp:forward> tag as well.

■ The ONLY places where a <jsp:param> makes
sense are within a <jsp:include> or a
<jsp:forward> standard action.

■ If the param name used in <jsp:param> already
has a value as a request parameter, the new
value will overwrite the previous one. Otherwise, a
new request parameter is added to the request.

■ The included resource has some limitations: it
cannot change the response status code or set
headers.

■ The <jsp:forward> standard action forwards the
request (just like using a RequestDispatcher) to
another resource from the same web app.

■ When a forward happens, the response buffer is
cleared first! The resource to which the request
was forwarded gets to start with a clean output.
So anything written to the response before the
forward will be thrown away.

■ If you commit the response before the forward
(by calling out.flush(), for example), the client will
be sent whatever was flushed, but that's it. The
forward won't happen, and the rest of the original
page won't be processed.
BE the Container
ANSWERS

Look at this standard action:

<jsp:useBean id="person" type="foo.Employee" scope="request" >
    <jsp:setProperty name="person" property="name" value="Fred" />
</jsp:useBean>

Name is: <jsp:getProperty name="person" property="name" />


(1) What happens if the servlet code looks like:

foo.Person p = new foo.Employee();
p.setName("Evan");
request.setAttribute("person", p);

FAILS at request time! The "person" attribute is stored at request
scope, so the <jsp:useBean> tag won't work since it specifies only a
type. The Container KNOWS that if you have only a type specified,
there MUST be an existing bean attribute of that name and scope.


(2) What happens if the servlet code looks like:

foo.Person p = new foo.Person();
p.setName("Evan");
request.setAttribute("person", p);

Actually, this servlet fails to compile. We cheated a little:
foo.Person is now abstract, so the COMPILER
won't instantiate the foo.Person.


Both classes are in
the package "foo".
Mock Exam Chapter 8


Given an HTML form that uses checkboxes to allow a user to select
multiple values for a parameter called hobbies.

Which EL expressions evaluate to the first value of the hobbies
parameter? (Choose all that apply.)

□ A. ${param.hobbies}

□ B. ${paramValue.hobbies}

□ C. ${paramValues.hobbies[0]}

□ D. ${paramValues.hobbies[1]}

□ E. ${paramValues[hobbies][0]}

□ F. ${paramValues[hobbies][1]}


Given that a web application stores the webmaster email address in the
servlet context initialization parameter called master-email.

Which retrieves that value? (Choose all that apply.)

□ A. <a href='mailto:${initParam.master-email}'>
email me</a>

□ B. <a href='mailto:${contextParam.master-email}'>
email me</a>

□ C. <a href='mailto:${initParam['master-email']}'>
email me</a>

□ D. <a href='mailto:${contextParam['master-email']}'>
email me</a>
Given the following Java class:

package com.mycompany;
public class MyFunctions {
    public static String hello(String name) {
        return "Hello " + name;
    }
}

This class represents the handler for a function that is part of a tag library.

<%@ taglib uri="http://mycompany.com.tags" prefix="comp" %>

Which Tag Library Descriptor entry defines this custom function so that it can
be used in an EL expression?

□ A. <taglib>
       <tag>
         <name>Hello</name>
         <tag-class>com.mycompany.MyFunctions</tag-class>
         <body-content>JSP</body-content>
       </tag>
     </taglib>

□ B. <taglib>
       <function>
         <name>Hello</name>
         <function-class>com.mycompany.MyFunctions</function-class>
         <function-signature>java.lang.String hello(java.lang.String)
         </function-signature>
       </function>
     </taglib>

□ C. <web-app>
       <servlet>
         <servlet-name>hello</servlet-name>
         <servlet-class>com.mycompany.MyFunctions</servlet-class>
       </servlet>
     </web-app>

□ D. <taglib>
       <function>
         <name>Hello</name>
         <function-class>com.mycompany.MyFunctions</function-class>
         <function-signature>hello(java.lang.String)</function-signature>
       </function>
     </taglib>
Given:

package com.example;
public class TheBean {
    private int value;
    public TheBean() { value = 42; }
    public int getValue() { return value; }
    public void setValue(int v) { value = v; }
}

Assuming no instances of TheBean have been created yet, which JSP
standard action statements create a new instance of this bean and
store it in the request scope? (Choose all that apply.)

□ A. <jsp:useBean name="myBean"
         type="com.example.TheBean" />

□ B. <jsp:makeBean name="myBean"
         type="com.example.TheBean" />

□ C. <jsp:useBean id="myBean"
         class="com.example.TheBean"
         scope="request" />

□ D. <jsp:makeBean id="myBean"
         class="com.example.TheBean"
         scope="request" />


Given a Model 1 architecture in which a JSP page handles all of the controller
functions, that JSP controller needs to dispatch the request to another JSP page.

Which standard action code will perform this dispatch?

□ A. <jsp:forward page="view.jsp" />

□ B. <jsp:forward file="view.jsp" />

□ C. <jsp:dispatch page="view.jsp" />

□ D. <jsp:dispatch file="view.jsp" />




Given:

11. <% java.util.List list = new java.util.ArrayList();
12.    list.add("a");
13.    list.add("2");
14.    list.add("c");
15.    request.setAttribute("list", list);
16.    request.setAttribute("listIdx", "1");
17. %>
18. <%-- insert code here --%>

Which, inserted at line 18, are valid and evaluate to c? (Choose all that apply.)

□ A. ${list.2}

□ B. ${list[2]}

□ C. ${list.listIdx+1}

□ D. ${list[listIdx+1]}

□ E. ${list['listIdx' + 1]}

□ F. ${list[list[listIdx]]}


Which statements about the . (dot) and [] EL operators are true?
(Choose all that apply.)

□ A. ${foo.bar} is equivalent to ${foo[bar]}

□ B. ${foo.bar} is equivalent to ${foo["bar"]}

□ C. ${foo["5"]} is valid syntax if foo is a Map

□ D. ${header.User-Agent} is equivalent to
     ${header[User-Agent]}

□ E. ${header.User-Agent} is equivalent to
     ${header["User-Agent"]}

□ F. ${foo[5]} is valid syntax if foo is a List or an array
Given a JSP page with the line:

${101 % 10}

What will be displayed?

□ A. 1

□ B. 10

□ C. 1001

□ D. 101 % 10

□ E. {101 % 10}


Given:

10. ${param.firstname}
11. ${param.middlename}
12. ${param.lastname}
13. ${paramValues.lastname[0]}

Which describes the output produced by this portion of a JSP page when passed the
query string ?firstname=John&lastname=Doe?

□ A. John Doe

□ B. John Doe Doe

□ C. John null Doe

□ D. John null Doe Doe

□ E. A null pointer exception will be thrown.


Which show valid usage of EL implicit variables? (Choose all that apply.)

□ A. ${cookies.foo}

□ B. ${initParam.foo}

□ C. ${pageContext.foo}

□ D. ${requestScope.foo}

□ E. ${header["User-Agent"]}

□ F. ${requestDispatcher.foo}

□ G. ${pageContext.request.requestURI}
Which are true about the <jsp:useBean> standard action?
(Choose all that apply.)

□ A. The id attribute is optional.

□ B. The scope attribute is required.

□ C. The scope attribute is optional and defaults to request.

□ D. Either the class or type attributes may be specified,
     but at least one.

□ E. It is valid to include both the class attribute and the type
     attribute, even if their values are NOT the same.


12

How would you include dynamic content in a JSP, similar to a
server-side include (SSI)? (Choose all that apply.)

□ A. <%@ include file="/segments/footer.jspf" %>

□ B. <jsp:forward page="/segments/footer.jspf" />

□ C. <jsp:include page="/segments/footer.jspf" />

□ D. RequestDispatcher dispatcher
         = request.getRequestDispatcher("/segments/footer.jspf");
     dispatcher.include(request,response);


In an HTML page with a rich, graphical layout, which JSP standard action can
be used to import an image file into the JSP page?

□ A. <jsp:image page="logo.png" />

□ B. <jsp:image file="logo.png" />

□ C. <jsp:include page="logo.png" />

□ D. <jsp:include file="logo.png" />

□ E. This CANNOT be done using a JSP standard action.
14


Given:

package com.example;
public class MyFunctions {
    public static String repeat(int x, String str) {
        // method body
    }
}


and given the JSP:

1. <%@ taglib uri="/WEB-INF/myfuncts" prefix="my" %>
2. <%-- insert code here --%>


Which, inserted at line 2 in the JSP, is a valid EL function invocation?

□ A. ${repeat(2, "420")}

□ B. ${repeat("2", "420")}

□ C. ${my:repeat(2, "420")}

□ D. ${my:repeat("2", "420")}

□ E. A valid invocation CANNOT be determined.


Given:

public class MyBean {
    private java.util.Map params;
    private java.util.List objects;
    private String name;
    public java.util.Map getParams() { return params; }
    public String getName() { return name; }
    public java.util.List getObjects() { return objects; }
}


Which will cause errors (assume that an attribute named mybean can be found, and
is of type MyBean)? (Choose all that apply.)

□ A. ${mybean.name}

□ B. ${mybean["name"]}

□ C. ${mybean.objects.a}

□ D. ${mybean["params"].a}

□ E. ${mybean.params["a"]}

□ F. ${mybean["objects"].a}
16


Given a JSP page:

The user has sufficiently logged in or out:
${param.loggedIn or param.loggedOut}.


If the request includes the query string "loggedOut=true", what will be this
statement's displayed value?

□ A. The user has sufficiently logged in or out: false.

□ B. The user has sufficiently logged in or out: true.

□ C. The user has sufficiently logged in or out: ${param.loggedIn or param.loggedOut}.

□ D. The user has sufficiently logged in or out: param.loggedIn or param.loggedOut.

□ E. The user has sufficiently logged in or out: or true.


Which about EL access operators are true? (Choose all that apply.)

□ A. Anywhere the . (dot) operator is used, the [] could be used
     instead.

□ B. Anywhere the [] operator is used, the . (dot) could be used
     instead.

□ C. If the . (dot) operator is used to access a bean property but the
     property doesn't exist, then a runtime exception is thrown.

□ D. There are some situations where the . (dot) operator must be
     used and other situations where the [] operator must be used.


The following code fragment appears in a JSP page:

<jsp:include page="/jspf/header.html"/>

The JSP page is part of a web application with the context root myapp.

Given that the application's top level directory is myapp, what is the path to the
header.html file?

□ A. /header.html

□ B. /jspf/header.html

□ C. /myapp/jspf/header.html

□ D. /includes/jspf/header.html
An online jewelry retailer wishes to customize their online catalog for users who
are logged in. They want to show specials for the user's birthstone month. The
company's special offers are stored as a Map<String, Special[]> identified as
specials in application scope and updated daily.

There is a bean stored as a session-scoped attribute named userInfo. Calling
getBirthdate().getMonth() on this bean will return the user's birthstone
month.

Which of the following code snippets could correctly retrieve the appropriate special
offerings?

□ A. ${applicationScope[userInfo.birthdate.month.specials]}

□ B. ${applicationScope.specials[userInfo.birthdate.month]}

□ C. ${applicationScope["specials"].userInfo.birthdate.month}

□ D. ${applicationScope["userInfo.birthdate.month"].specials}


A web based application for a major online movie rental retailer stores a
List<Movie> as a session attribute to contain movies the user has requested.
A random, embedded movie trailer from this list must display on the users'
main page every time the users' main page is viewed.

Management thinks a similar feature will be needed in the near future on
other pages that display lists of movies. Streaming video is accomplished with
regular HTML, just like adding images to a page but with more complex tags.

The development team needs a solution that is both flexible and maintainable.
One possible solution is to create an EL function. The following statements
are from a team meeting concerning EL functions as a solution to this
problem. Which statements are true? (Choose all that apply.)

□ A. EL functions can not solve this problem because they can not retrieve
     session attributes.

□ B. The method implementing the EL function should not be declared
     static to give it access to session scope.

□ C. The EL function can accept a parameter of java.util.List
     which will allow the needed movie list to be passed to it using EL.

□ D. You might have to write HTML tags in the middle of Java code using
     an EL function, which is more difficult to maintain.
Given an HTML form that uses checkboxes to allow a user to select
multiple values for a parameter called hobbies.

(JSP v2.0 section 2.2.3)

Which EL expressions evaluate to the first value of the hobbies
parameter? (Choose all that apply.)

☑ A. ${param.hobbies}
□ B. ${paramValue.hobbies}
☑ C. ${paramValues.hobbies[0]}
□ D. ${paramValues.hobbies[1]}
□ E. ${paramValues[hobbies][0]}
□ F. ${paramValues[hobbies][1]}

-Option B is incorrect because there
is no "paramValue" implicit variable.

-Option D is incorrect, arrays
are 0 indexed.

-Options E and F have
incorrect syntax.


2

Given that a web application stores the webmaster email address in the
servlet context initialization parameter called master-email.

(JSP v2.0 section 2.2.3 and 2.3.[illegible])

Which retrieves that value? (Choose all that apply.)

□ A. <a href='mailto:${initParam.master-email}'>
     email me</a>

□ B. <a href='mailto:${contextParam.master-email}'>
     email me</a>

☑ C. <a href='mailto:${initParam['master-email']}'>
     email me</a>

□ D. <a href='mailto:${contextParam['master-email']}'>
     email me</a>

-Option A is trying to subtract
email from master.

-Option B, there is no
contextParam implicit variable.

-Option D, there is no
contextParam implicit variable.
Given the following Java class: (JSP v2.0 section [illegible])

package com.mycompany;
public class MyFunctions {
    public static String hello(String name) {
        return "Hello " + name;
    }
}

This class represents the handler for a function that is part of a tag library.

<%@ taglib uri="http://mycompany.com.tags" prefix="comp" %>

Which Tag Library Descriptor entry defines this custom function so that it can
be used in an EL expression?

□ A. <taglib>
       <tag>
         <name>Hello</name>
         <tag-class>com.mycompany.MyFunctions</tag-class>
         <body-content>JSP</body-content>
       </tag>
     </taglib>

☑ B. <taglib>
       <function>
         <name>Hello</name>
         <function-class>com.mycompany.MyFunctions</function-class>
         <function-signature>java.lang.String hello(java.lang.String)
         </function-signature>
       </function>
     </taglib>

□ C. <web-app>
       <servlet>
         <servlet-name>hello</servlet-name>
         <servlet-class>com.mycompany.MyFunctions</servlet-class>
       </servlet>
     </web-app>

□ D. <taglib>
       <function>
         <name>Hello</name>
         <function-class>com.mycompany.MyFunctions</function-class>
         <function-signature>hello(java.lang.String)</function-signature>
       </function>
     </taglib>

-Option B uses the correct

-Option D is incorrect because the
function signature is incomplete.
Given:

package com.example;
public class TheBean {
    private int value;
    public TheBean() { value = 42; }
    public int getValue() { return value; }
    public void setValue(int v) { value = v; }
}

(JSP v2.0 section [illegible])

Assuming no instances of TheBean have been created yet, which JSP
standard action statements create a new instance of this bean and
store it in the request scope? (Choose all that apply.)

□ A. <jsp:useBean name="myBean"
         type="com.example.TheBean" />

□ B. <jsp:makeBean name="myBean"
         type="com.example.TheBean" />

☑ C. <jsp:useBean id="myBean"
         class="com.example.TheBean"
         scope="request" />

□ D. <jsp:makeBean id="myBean"
         class="com.example.TheBean"
         scope="request" />

-Option A is invalid because the type attribute is
NOT used to create a new instance and the scope
attribute must be specified (or defaults to page).

-Option B is invalid for all of the above reasons
plus jsp:makeBean is NOT a real tag.

-Option D is invalid because
jsp:makeBean is NOT a real tag.


5

Given a Model 1 architecture in which a JSP page handles all of the controller
functions, that JSP controller needs to dispatch the request to another JSP page.

(JSP v2.0 section [illegible])

Which standard action code will perform this dispatch?

☑ A. <jsp:forward page="view.jsp" />
□ B. <jsp:forward file="view.jsp" />
□ C. <jsp:dispatch page="view.jsp" />
□ D. <jsp:dispatch file="view.jsp" />

-Option A is correct (pg [illegible]).

-Option B is invalid because the
forward action has no file attribute.

-Options C and D are invalid because
there is no dispatch action.



(JSP v2.0)

Given:

11. <% java.util.List list = new java.util.ArrayList();
12.    list.add("a");
13.    list.add("2");
14.    list.add("c");
15.    request.setAttribute("list", list);
16.    request.setAttribute("listIdx", "1");
17. %>
18. <%-- insert code here --%>

Which, inserted at line 18, are valid and evaluate to c? (Choose all that apply.)

□ A. ${list.2}
☑ B. ${list[2]}
□ C. ${list.listIdx+1}
☑ D. ${list[listIdx+1]}
□ E. ${list['listIdx' + 1]}
☑ F. ${list[list[listIdx]]}

-Options A and C are incorrect because the dot operator cannot be used with a primitive.
-Option E is incorrect because EL tries to coerce 'listIdx' to a Long, which is invalid.


(JSP v2.0)

Which statements about the . (dot) and [] EL operators are true?
(Choose all that apply.)

□ A. ${foo.bar} is equivalent to ${foo[bar]}
☑ B. ${foo.bar} is equivalent to ${foo["bar"]}
☑ C. ${foo["5"]} is valid syntax if foo is a Map
□ D. ${header.User-Agent} is equivalent to ${header[User-Agent]}
□ E. ${header.User-Agent} is equivalent to ${header["User-Agent"]}
☑ F. ${foo[5]} is valid syntax if foo is a List or an array

-Option A is incorrect because it should be foo["bar"].
-Options D and E are incorrect because of the dash in User-Agent. Only
 header["User-Agent"] will work.
(JSP v2.0)

Given a JSP page with the line:

${101 % 10}

What will be displayed?

☑ A. 1
□ B. 10
□ C. 1001
□ D. 101 % 10
□ E. {101 % 10}

-Option A is correct. The modulus operator returns the remainder of a
 division operation.


9

(JSP v2.0)

Given:

10. ${param.firstname}
11. ${param.middlename}
12. ${param.lastname}
13. ${paramValues.lastname[0]}

Which describes the output produced by this portion of a JSP page when passed the
query string ?firstname=John&lastname=Doe?

□ A. John Doe
☑ B. John Doe Doe
□ C. John null Doe
□ D. John null Doe Doe
□ E. A null pointer exception will be thrown.

-Option A is invalid because line 13 prints the user's last name as well.
-Options C and D are invalid because line 11 results in printing nothing
 rather than "null".


(JSP v2.0)

Which show valid usage of EL implicit variables? (Choose all that apply.)

□ A. ${cookies.foo}
☑ B. ${initParam.foo}
□ C. ${pageContext.foo}
☑ D. ${requestScope.foo}
☑ E. ${header["User-Agent"]}
□ F. ${requestDispatcher.foo}
☑ G. ${pageContext.request.requestURI}

-Option A is incorrect because the variable is "cookie".
-Option C is incorrect because pageContext is NOT a Map and doesn't have a
 "foo" property.
-Option F is incorrect because this is NOT an implicit object.
(JSP v2.0)

Which are true about the <jsp:useBean> standard action?
(Choose all that apply.)

□ A. The id attribute is optional.
□ B. The scope attribute is required.
□ C. The scope attribute is optional and defaults to request.
☑ D. Either the class or type attributes may be specified,
     but at least one.
☑ E. It is valid to include both the class attribute and the type
     attribute, even if their values are NOT the same.

-Option A is incorrect because id is required.
-Options B and C are incorrect because scope is optional and defaults to page.


12

(JSP v2.0)

How would you include dynamic content in a JSP, similar to a
server-side include (SSI)? (Choose all that apply.)

□ A. <%@ include file="/segments/footer.jspf" %>
□ B. <jsp:forward page="/segments/footer.jspf" />
☑ C. <jsp:include page="/segments/footer.jspf" />
□ D. RequestDispatcher dispatcher
       = request.getRequestDispatcher("/segments/footer.jspf");
     dispatcher.include(request,response);

-Option A is incorrect because it uses an include directive, which is ...
-Option D would be correct if it was a scriptlet. It functionally does
 the same thing as option C, but this syntax is only used by servlets.

(JSP v2.0)

In an HTML page with a rich, graphical layout, which JSP standard action can
be used to import an image file into the JSP page?

□ A. <jsp:image page="logo.png" />
□ B. <jsp:image file="logo.png" />
□ C. <jsp:include page="logo.png" />
□ D. <jsp:include file="logo.png" />
☑ E. This CANNOT be done using a JSP standard action.

-Options A and B are invalid because there is no image standard action.
-Option C is invalid, not because ... the include action ... binary data ...
 not make sense ...
-Option D is invalid ... attribute.
-This is a tricky question because it is NOT possible to import the contents of
 any binary file into a JSP page, which generates an HTML response.
(JSP v2.0)

Given:

package com.example;
public class MyFunctions {
    public static String repeat(int x, String str) {
        // method body
    }
}

and given the JSP:

1. <%@ taglib uri="/WEB-INF/myfuncts" prefix="my" %>
2. <%-- insert code here --%>

Which, inserted at line 2 in the JSP, is a valid EL function invocation?

□ A. ${repeat(2, "420")}
□ B. ${repeat("2", "420")}
□ C. ${my:repeat(2, "420")}
□ D. ${my:repeat("2", "420")}
☑ E. A valid invocation CANNOT be determined.

-Option E is correct ... NOT known.


15

(JSP v2.0)

Given:

public class MyBean {
    private java.util.Map params;
    private java.util.List objects;
    private String name;
    public java.util.Map getParams() { return params; }
    public String getName() { return name; }
    public java.util.List getObjects() { return objects; }
}

Which will cause errors (assume that an attribute named mybean can be found, and
is of type MyBean)? (Choose all that apply.)

□ A. ${mybean.name}
□ B. ${mybean["name"]}
☑ C. ${mybean.objects.a}
□ D. ${mybean["params"].a}
□ E. ${mybean.params["a"]}
☑ F. ${mybean["objects"].a}

-Options C and F will cause errors. "a" is NOT a List property, and since
 "objects" is NOT a Map, a lookup won't be performed (as opposed to D and E).




(JSP v2.0)

Given a JSP page:

The user has sufficiently logged in or out:
${param.loggedIn or param.loggedOut}.

If the request includes the query string "loggedOut=true", what will be this
statement's displayed value?

□ A. The user has sufficiently logged in or out: false.
☑ B. The user has sufficiently logged in or out: true.
□ C. The user has sufficiently logged in or out: ${param.loggedIn or param.loggedOut}.
□ D. The user has sufficiently logged in or out: param.loggedIn or param.loggedOut.
□ E. The user has sufficiently logged in or out: or true.

-Option B is correct because the EL expression using "or" will return true
 if either loggedIn or loggedOut is true.


(JSP v2.0)

Which statements about EL access operators are true? (Choose all that apply.)

☑ A. Anywhere the . (dot) operator is used, the [] could be used
     instead.
□ B. Anywhere the [] operator is used, the . (dot) could be used
     instead.
☑ C. If the . (dot) operator is used to access a bean property but the
     property doesn't exist, then a runtime exception is thrown.
□ D. There are some situations where the . (dot) operator must be
     used and other situations where the [] operator must be used.

-Option B is incorrect because only [] will work when accessing
 a) Lists and arrays, and b) Maps whose keys are not well-formed.


yt.on D is correct 

, dot operator tan always be 


(JSP v2.0)

The following code fragment appears in a JSP page:

<jsp:include page="/jspf/header.html"/>

The JSP page is part of a web application with the context root myapp.

Given that the application's top level directory is myapp, what is the path to the
header.html file?

□ A. /header.html
□ B. /jspf/header.html
☑ C. /myapp/jspf/header.html
□ D. /includes/jspf/header.html

-The path /jspf/header.html when used as the value of the <jsp:include> action's
 page attribute is relative to the web application, so a leading back slash ("/")
 means begin at the application's top level.
(JSP v2.0)

An online jewelry retailer wishes to customize their online catalog for users who
are logged in. They want to show specials for the user’s birthstone month. The
company's special offers are stored as a Map<String, Special[]> identified as
specials in application scope and updated daily.

There is a bean stored as a session-scoped attribute named userInfo. Calling
getBirthdate().getMonth() on this bean will return the user's birthstone
month.

Which of the following code snippets could correctly retrieve the appropriate special
offerings?

□ A. ${applicationScope[userInfo.birthdate.month.specials]}
☑ B. ${applicationScope.specials[userInfo.birthdate.month]}
□ C. ${applicationScope["specials"].userInfo.birthdate.month}
□ D. ${applicationScope["userInfo.birthdate.month"].specials}

-Option B correctly retrieves our Map<String, Special[]> from the scope.
 It then attempts to get the month value from the user's birthday and use
 that as the key to search for a Special[] in the Map. Assuming a match
 is found in the Map, our Special[] is returned. This EL could be used in a
 c:forEach tag to iterate over the returned specials.


20

(JSP v2.0)

A web based application for a major online movie rental retailer stores a
List<Movie> as a session attribute to contain movies the user has requested.
A random, embedded movie trailer from this list must display on the users'
main page every time the users' main page is viewed.

Management thinks a similar feature will be needed in the near future on
other pages that display lists of movies. Streaming video is accomplished with
regular HTML, just like adding images to a page but with more complex tags.

The development team needs a solution that is both flexible and maintainable.
One possible solution is to create an EL function. The following statements
are from a team meeting concerning EL functions as a solution to this
problem. Which statements are true? (Choose all that apply.)

□ A. EL functions can not solve this problem because they can not retrieve
     session attributes.
□ B. The method implementing the EL function should not be declared
     static to give it access to session scope.
☑ C. The EL function can accept a parameter of java.util.List
     which will allow the needed movie list to be passed to it using EL.
☑ D. You might have to write HTML tags in the middle of Java code using
     an EL function, which is more difficult to maintain.

-Option A: the movie list can be passed as a parameter to the function.
-Option B: methods that implement EL functions must always be
 declared public and static.
-Option C: a List may be passed to the function. Doing so provides a
 more flexible solution than one that requires your EL function to handle
 session scope as in options A and B.
-Option D: the biggest reason not to choose an EL function as the
 total solution. The team chose to use a tag file as the solution but
 then also created an EL function that accepts a Collection and
 returns a random number based on the size of the Collection.



9 using JSTL 


Custom tags are powerful 



Sometimes you need more than EL or standard actions. 

What if you want to loop through the data in an array, and display one item per 
row in an HTML table? You know you could write that in two seconds using a for 
loop in a scriptlet. But you’re trying to get away from scripting. No problem. When 
EL and standard actions aren’t enough, you can use custom tags. They’re as 
easy to use in a JSP as standard actions. Even better, someone’s already written 
a pile of the ones you’re most likely to need, and bundled them into the JSP 
Standard Tag Library (JSTL). In this chapter we’ll learn to use custom tags, and 
in the next chapter we’ll learn to create our own. 


official Sun exam objectives


Building JSP pages using tag libraries


9.1 Describe the syntax and semantics of the ‘taglib’
directive: for a standard tag library, for a library of
Tag Files.

9.2 Given a design goal, create the custom tag
structure to support that goal.

9.3 Identify the tag syntax and describe the action
semantics of the following JSP Standard Tag Library
(JSTL v1.1) tags: (a) core tags: out, set, remove,
and catch, (b) conditional tags: if, choose, when,
and otherwise, (c) iteration tags: forEach, and (d)
URL-related: url.


Coverage Notes:

All of the objectives in this section are covered
in this chapter, although some of the content is
covered again in the next chapter (Developing
Custom Tags).


Installing the JSTL 1.1 

The JSTL 1.1 is NOT part of the JSP 
2.0 specification! Having access to 
the Servlet and JSP APIs doesn’t 
mean you have access to JSTL. 

Before you can use JSTL, you need
to put two files, “jstl.jar” and “standard.jar”,
into the WEB-INF/lib directory of
your web app. That means each web
app needs a copy.

In Tomcat 5, the two files are already
in the example applications that ship
out-of-the-box with Tomcat, so all you
need to do is copy them from one
directory and put them into your own
app’s WEB-INF/lib directory.

Copy the files from the Tomcat
examples at:

webapps/jsp-examples/WEB-INF/lib/jstl.jar

webapps/jsp-examples/WEB-INF/lib/standard.jar

And place them in your own web app’s
WEB-INF/lib directory.
There's got to be a
way to iterate through a
collection in a JSP ...without
scripting. I want to show
one element per row in
a table...



EL and standard actions are limited


What happens when you bump into a brick wall? 
You can go back to scripting, of course—but you 
know that’s not the path. 

Developers usually want way more standard actions 
or—even better—the ability to create their own 
actions. 

That’s what custom tags are for. Instead of saying 
<jsp:setProperty>, you want to do something like 
<my:doCustomThing>. And you can. 

But it’s not that easy to create the support code 
that goes behind the tag. For the JSP page creator, 
custom tags are much easier to use than scripting. 
For the Java programmer, however, building the 
custom tag handler (the Java code invoked when a 
JSP uses the tag) is tougher. 

Fortunately, there’s a standard library of custom
tags known as the JSP Standard Tag Library
(JSTL 1.1). Given that your JSP shouldn’t be doing
a bunch of business logic anyway, you might find 
that the JSTL (combined with EL) is all you’ll ever 
need. Still, there could be times when you need 
something from, say, a custom tag library developed 
specifically for your company. 

In this chapter, you’ll learn how to use the core 
JSTL tags, as well as custom tags from other 
libraries. In the next chapter, we’ll learn how to 
actually build the classes that handle calls to the 
custom tags, so that you can develop your own. 
where’s my html?


The case of the disappearing HTML (reprised)


On page 384, you saw how EL sends the raw string of content directly
to the response stream:


<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  ${pageContent.currentTip}
</div>


Remember this? The <b></b> tags didn’t show up as text, but
were rendered as an empty space that was bolded.


What we got

<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  <b></b> tags make things bold!
</div>

This comes out as an "invisible" bolded empty space.

Rendered as (http://localhost:8080/testJSP1/Tester.do):

Tip of the Day:

 tags make things bold!


What we want

<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  &lt;b&gt;&lt;/b&gt; tags make things bold!
</div>

&lt; is rendered as "<", &gt; is rendered as ">".

Rendered as:

Tip of the Day:

<b></b> tags make things bold!


What we need is a way to convert those angle brackets into
something the browser will render as angle brackets, and there
are two ways to do this. Both use a static Java method that
converts HTML special characters into their entity format:


Use an EL function

<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  ${fn:convEntity(pageContent.currentTip)}
</div>


Use a Java helper method

<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  ${pageContent.convertedCurrentTip}
</div>


Here's the helper method to make this one work:

public String getConvertedCurrentTip() {
    return HTML.convEntity(getCurrentTip());
}
There's a better way: use the <c:out> tag

Whichever approach you use, it’s a bit unclear exactly what’s
going on... and you may have to write that helper method for
all your servlets. Luckily, there’s a better way. The <c:out>
tag is perfect for the job. Here’s how conversion works:


You can explicitly declare the conversion of XML entities

If you know or think you might run into some XML entities
that need to be displayed, and not just rendered, you can use the
escapeXml attribute on c:out. Setting this to true means that any
XML will be converted to something the web browser will render,
angle brackets and all:


<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  <c:out value='${pageContent.currentTip}' escapeXml='true' />
</div>




You can explicitly declare NO conversion of XML entities

Sometimes, you want just the opposite behavior. Maybe you’re
building a page that takes content, and you want to display that
content with HTML formatting. In that case, you can turn off
XML conversion:


Your HTML is treated as XHTML, which in turn
is XML... so this affects HTML characters, too.


<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  <c:out value='${pageContent.rawHTML}' escapeXml='false' />
</div>




Th is is 


Conversion happens by default

The escapeXml attribute defaults to true, so you can leave it out if
you want. A c:out tag without an escapeXml attribute is just the
same as a c:out tag with escapeXml set to “true.”

<div class='tipBox'>
  <b>Tip of the Day:</b> <br/> <br/>
  <c:out value='${pageContent.currentTip}' />
</div>


had beWe... any HTML 

Splayed as t ex £ 




This is actually identical in 
•functionality to this. 
escaping html


There are no Dumb Questions


Q: Which HTML special characters are converted?

A: It turns out this conversion is rather simple. There are only five
characters that require escaping: <, >, &, and the two quote symbols,
single and double. All of these are converted into the equivalent HTML
entities. For example, < becomes &lt;, & becomes &amp; and so on.

Character    Character Entity Code
<            &lt;
>            &gt;
&            &amp;
'            &#039;
"            &#034;


Q: Last month my company hired a web consultant to audit our
web application. She noticed that we were using EL everywhere to
output strings entered by users. She said this was a security risk and
recommended we output all user strings using the c:out tag. What gives?

A: Your consultant was right. The security risk she is referring to is called
cross-site hacking or cross-site scripting. The attack is sent from one user
to another user's web browser using your webapp as the delivery mechanism.

User1 (the "cracker"): The cracker enters a comment field in your webapp,
which is stored in the database. The cracker includes
viral JavaScript code in the comment.

The innocent user views the cracker’s comment,
but the text the cracker entered also includes
JavaScript code that compromises user2’s system!


Q: What happens if value of the EL expression is null?

A: Good question. You know an EL expression ${evalsToNull}
generates an empty string in the response output, and so will
<c:out value="${evalsToNull}"/>.


--srte hatkm^ this 


aid the OS tode 
broker. This rente tV*^ 

ike browser, Us the attack 
■fyow* wsevl ■ 


But that's not the end of the story with c:out. The c:out tag is smart, and
it recognizes when the value is null and can perform a special action. That
action is to provide a default value...
Null values are rendered as blank text


Suppose you have a page that welcomes the user by saying
“Hello <user>.” But lately, users haven’t been logging in, and
the output looks pretty odd:


EL prints nothing if user is null

<b>Hello ${user}.</b>

Renders as

<b>Hello .</b>


A JSP expression tag prints nothing if user is null

<b>Hello <%= user %>.</b>

Renders as

<b>Hello .</b>


Since <%= user %> evaluates to null, you get an empty
space between "Hello" and the ".". Strange looking...


Set a default value with the default attribute

Suppose you want to show these anonymous users a message
that says, “Hello guest.” This is a perfect place to use a
default value with the c:out tag. Just add a default
attribute, and provide the value you want to print if your
expression evaluates to null:

<c:out> provides a default attribute

<b>Hello <c:out value='${user}' default='guest' />.</b>

This value is output if the value
attribute evaluates to null.

The default value is inserted... perfect:

<b>Hello guest.</b>


Or you can do it this way:

<b>Hello <c:out value='${user}'>guest</c:out></b>
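The escaping table, the cross-site scripting answer and the default attribute described above, modelled in plain Java as an added example (this is not code from the book or from the JSTL implementation). The class name, method names and sample comments are constructed for illustration, and the model assumes the default text goes through the same escaping as the value.

```java
import java.util.Arrays;
import java.util.List;

// Added example: a simplified model of ${...} versus <c:out>, not JSTL source code.
public class COutModel {

    // The five replacements from the character / entity code table.
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '\'': sb.append("&#039;"); break;
                case '"':  sb.append("&#034;"); break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    // Model of ${value}: null prints nothing, everything else is written raw.
    static String el(Object value) {
        return value == null ? "" : value.toString();
    }

    // Model of <c:out value="..." default="..." escapeXml="..."/>.
    static String cOut(Object value, String def, boolean escapeXml) {
        Object chosen = (value != null) ? value : def;   // null falls back to default
        if (chosen == null) {
            return "";                                   // no default: empty output
        }
        String text = chosen.toString();
        return escapeXml ? escapeXml(text) : text;       // assumption: default is escaped too
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("unexpected: " + what);
    }

    public static void main(String[] args) {
        // Constructed comments, as they might come back from the database.
        List<String> comments = Arrays.asList(
            "<b></b> tags make things bold!",
            "Nice site <script>/* user1's code would run here */</script>",
            "Tom & Jerry said \"hi\"",
            null);

        for (String c : comments) {
            System.out.println("EL    : <td>" + el(c) + "</td>");
            System.out.println("c:out : <td>" + cOut(c, null, true) + "</td>");
        }

        String stored = comments.get(1);
        // Raw EL hands the markup to user2's browser unchanged.
        check(el(stored).contains("<script>"), "EL passes markup through");
        // With escaping, no tag opener survives, so the browser shows text.
        check(!cOut(stored, null, true).contains("<"), "escaped output has no '<'");
        check(cOut(stored, null, true).contains("user1&#039;s"), "quote is escaped");
        // escapeXml='false' is the same as raw EL output.
        check(cOut(stored, null, false).equals(stored), "escapeXml=false is raw");
        // Null handling: default value, or empty output without one.
        check(cOut(null, "guest", true).equals("guest"), "default is used");
        check(cOut(null, null, true).isEmpty(), "null without default is empty");
        // Failure mode: escaping on input AND on output shows entities to the user.
        check(escapeXml(escapeXml("<b>")).equals("&amp;lt;b&amp;gt;"), "double escaping");

        System.out.println("<b>Hello " + cOut(null, "guest", true) + ".</b>");
    }
}
```

The five-character escape covers HTML element content and quoted attribute values; a value written into a script block or a URL needs the encoding for that context instead.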
the c:forEach tag


Looping without scripting 


Imagine you want something that loops over a collection (say, an array of 
catalog items), pulls out one element at a time, and prints that element in a 
dynamically-generated table row. You can’t possibly hard-code the complete 
table—you have no idea how many rows there will be at runtime, and of 
course you don’t know the values in the collection. The <c:forEach> tag is 
the answer. This does require a very slight knowledge of HTML tables, but 
we’ve included notes here for those who aren’t familiar with the topic. 

By the way, on the exam you are expected to know how to use <c:forEach> 
with tables. 


Servlet code 

String[] movieList = {"Amelie", "Return of the King", "Mean Girls"}; 
request.setAttribute("movieList", movieList); 



What you want 



Movie list: 

Amelie 

Return of the King 
Mean Girls 


In a JSP, with scripting

<table>
<% String[] items = (String[]) request.getAttribute("movieList");
   String var = null;
   for (int i = 0; i < items.length; i++) {
       var = items[i];
%>
   <tr><td><%= var %></td></tr>
<% } %>
</table>


<c:forEach> 


The <c:forEach> tag from the JSTL is perfect for this—it gives you 
a simple way to iterate over arrays and collections. 

JSP code 


... i,n, tW.s W 1 ' 0 


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
<html><body> 

<strong> Movie list:</strong> 

<br><br> 


<table>
  <c:forEach var="movie" items="${movieList}" >
    <tr>
      <td>${movie}</td>
    </tr>
  </c:forEach>
</table>

</body></html>




Crash refresher on HTML tables

Tables are pretty straightforward. They’ve got cells, arranged into rows
and columns, and the data goes inside the cells. The trick is telling the
table how many rows and columns you want.

Rows are defined with the <tr> (Table Row) tag, and columns are
defined with the <td> (Table Data) tag. The number of rows comes
from the number of <tr> tags, and the number of columns comes from
the number of <td> tags you put inside the <tr></tr> tags.

Data to print/display goes only inside the <td> </td> tags!

<table>
  <tr>
    <td>data for this cell</td>
    <td>data for this cell</td>
    <td>data for this cell</td>
  </tr>
  <tr>
    <td>data for this cell</td>
    <td>data for this cell</td>
    <td>data for this cell</td>
  </tr>
  <tr>
    <td>data for this cell</td>
    <td>data for this cell</td>
    <td>data for this cell</td>
  </tr>
</table>
Deconstructing <c:forEach>


The <c:forEach> tag maps nicely into a for loop—the tag repeats the body of 
the tag for each element in the collection (and we use “collection” here to mean 
either an array or Collection or Map or comma-delimited String). 

The key feature is that the tag assigns each element in the collection to the 
variable you declare with the var attribute. 


The <c:forEach> tag 


<table>
  <c:forEach var="movie" items="${movieList}" varStatus="movieLoopCount" >
    <tr>
      <td>Count: ${movieLoopCount.count}</td>
    </tr>
    <tr>
      <td>${movie} <br><br></td>
    </tr>
  </c:forEach>
</table>


Helpfully, the LoopTagStatus class has a count property that
gives you the current value of the iteration counter.
(Like the "i" in a for loop.)


Rendered at http://localhost:8080/testJSP1/Tester.do:

Count: 1
Amelie

Count: 2
Return of the King

Count: 3
Mean Girls
You can even nest <c:forEach> tags


What if you have something like a collection of collections? An array of
arrays? You can nest <c:forEach> tags for more complex table structures.
In this example, we put String arrays into an ArrayList, then make the
ArrayList a request attribute. The JSP has to loop through the ArrayList
to get each String array, then loop through each String array to print the
actual elements of the array.

Servlet code

String[] movies1 = {"Matrix Revolutions", "Kill Bill", "Boondock Saints"};
String[] movies2 = {"Amelie", "Return of the King", "Mean Girls"};
java.util.List movieList = new java.util.ArrayList();
movieList.add(movies1);
movieList.add(movies2);

request.setAttribute("movies", movieList);


JSP code

<table>
  <c:forEach var="listElement" items="${movies}" >
    <c:forEach var="movie" items="${listElement}" >
      <tr>
        <td>${movie}</td>
      </tr>
    </c:forEach>
  </c:forEach>
</table>




Matrix Revolutions 
Kill Bill 

Boondock Saints 
le King 
There are no Dumb Questions


Q: How did you know that the "varStatus" attribute
was an instance of whatever that was, and how
did you know that it has a "count" property?

A: Ahhhh... we looked it up.

It's all there in the JSTL 1.1 spec. If you don't have the
spec already, go download it NOW (the intro of this
book tells you where to get the specs covered on the
exam). It is THE reference for all the tags in the JSTL,
and tells you all the possible attributes, whether they're
optional or required, the attribute type, and any other
details on how you use the tag.

Everything you need to know about these tags (for the
exam) is in this chapter. But some of the tags have a few
more options than we cover here, so you might want to
have a look in the spec.


Q: Since you know more than you're telling
about this tag... does it give you a way to change the
iteration steps? In a real Java for loop, I don't have to
do i++, I can do i +=3, for example, to get every third
element instead of every element...

A: Not a problem. The <c:forEach> tag has optional
attributes for begin, end (in case you want to iterate
over a subset of the collection), and step if you want to
skip over some elements.


Q: Is the "c" in <c:forEach> a required prefix?

A: Well, some prefix is required, of course; all tags
and EL functions must have a prefix to give the Container
the namespace for that tag or function name. But you
don't HAVE to name the prefix "c". It's just the standard
convention for the set of tags in JSTL known as "Core".
We recommend using something other than "c" as a
prefix, whenever you want to totally confuse the people
you work with.


Watch it!

The “var” variable is
scoped to ONLY the tag!

That’s right, tag scope. No this isn’t a full-fledged scope
to which you can bind attributes like the other four
(page, request, session, and application). Tag scope
simply means that the variable was declared INSIDE
the loop.

And you already know what that means in Java terms.
You'll see that for most other tags, a variable set with
a "var” attribute will be visible to whatever scope you
specifically set (using an optional "scope” attribute), OR,
the variable will default to page scope.

So don’t be fooled by code that tries to use the variable
somewhere BELOW the end of the
<c:forEach> body tag!

<c:forEach var="foo" items="${fooList}">
  ${foo}          OK
</c:forEach>

${foo}            NO!! The "foo" variable is out of scope!

It might help to think of tag scope as being just like
block scope in plain old Java code. An example is the
for loop you all know and love.

for (int i = 0; i < items.length; i++) {
    x + i;
}

doSomething(i);   NO!! The "i" variable is out of scope!
Doing a conditional include with <c:if>

Imagine you have a page where users can view comments from other users. And 
imagine that members can also post comments, but non-member guests cannot. 

You want everyone to get the same page, but you want members to “see” more 
things on the page. You want a conditional <jsp:include > and of course, you don’t 
want to do it with scripting! 

What members see: What NON-members see: 




JSP code 


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
<html><body> 

<strong>Member Comments</strong> <br> 

<hr>${commentList}<hr> 


set 


<c:if test="${userType eq 'member'}" >


** 1 \ am information'- 

-the user s \oy* 


<jsp:include page="inputComments.jsp"/> 

</c:if> 

</body></html> 

Included page (“inputComments.jsp”) 


Yes, those are SINGLE
quotes around 'member'.
Don't forget that you can
use EITHER double or single
quotes in your tags and EL.


Included page (“inputComments.jsp”)

<form action="commentsProcess.jsp" method="post">
  Add your comment: <br>
  <textarea name="input" cols="40" rows="10"></textarea> <br>
  <input name="commentSubmit" type="button" value="Add Comment">
</form>
the <c:if> tag


But what if you need an else?


What if you want to do one thing if the condition is true, and 
a different thing if the condition is false? In other words, what 
if we want to show either one thing or the other, but nobody will 
see both? The <c:if> on the previous page worked fine because 
the logic was: everybody sees the first part, and then if the test 
condition is true, show a little extra. 

But now imagine this scenario: you have a car sales web site, and 
you want to customize the headline that shows up on each 
page, based on a user attribute set up earlier in the session. 

Most of the page is the same regardless of the user, but each user 
sees a customized headline —one that best fits the user’s personal 
motivation for buying. (We are, after all, trying to sell him a car 
and become obscenely wealthy.) At the beginning of the session, a 
form asks the user to choose what’s most important... 


At the beginning of the session:

(Browser page at http://localhost:8080/testJSP1/Tester.do)

When buying a car, what is most
important to you?

(x) Performance
( ) Safety
( ) Maintenance

[Submit]


Somewhere later in the session:

(Browser page at http://localhost:8080/testJSP1/Tester.do)


Now you can stop even if you do 
drive insanely fast. 

The Brakes 

Our advanced anti-lock brake system (ABS) 
is engineered to give you the ability to steer 
even as you’re stopping. We have the best 
speed sensors of any car this size. 








Imagine a web site for a 
car company. The first 
page asks the user what he 
feels is most important. 

Just like a good salesman, 
the pages that talk about 
features of the car will 
customize the presentation 
based on the user’s 
preference, so that each 
feature of the car looks 
like it was made with HIS 
personal needs in mind... 
The <c:if> tag won't work for this

There’s no way to do exactly what we want using the <c:if> tag, because it
doesn’t have an “else”. We can almost do it, using something like:


JSP using <c:if>, but it doesn’t work right...


<c:if test="${userPref=='performance'}" >
   Now you can stop even if you <em>do</em> drive insanely fast.
</c:if>

<c:if test="${userPref=='safety'}" >
   Our brakes won't lock up no matter how bad a driver you are.
</c:if>

<c:if test="${userPref=='maintenance'}" >
   Lost your tech job? No problem--you won't have to service these brakes
   for at least three years.
</c:if>

<!-- continue with the rest of the page that EVERYONE should see -->


The <c:if> won’t work unless we’re CERTAIN that we’ll never need a default
value. What we really need is kind of an if/else construct:*

JSP with scripting, and it does what we want 




<html><body><h2>

<% String pref = (String) session.getAttribute("userPref");
   // Compare constant-first so a missing (null) userPref falls through to the default
   if ("performance".equals(pref)) {
      out.println("Now you can stop even if you <em>do</em> drive insanely fast.");
   } else if ("safety".equals(pref)) {
      out.println("Our brakes won't lock up, no matter how bad a driver you are. ");
   } else if ("maintenance".equals(pref)) {
      out.println(" Lost your tech job? No problem--you won't have to service these brakes for at least three years.");
   } else {
      // userPref doesn't match those, so print the default headline
      out.println("Our brakes are the best.");
   } %>

</h2><strong>The Brakes</strong> <br>

Our advanced anti-lock brake system (ABS) is engineered to give you the ability to
steer even as you're stopping. We have the
best speed sensors of any car this size. <br>

</body></html>

*Yes, we agree with you—there’s nearly always
a better approach than chained if tests. But
you're just gonna have to suspend disbelief long
enough to learn how this all works....
the c:choose tag


The <c:choose> tag and its partners
<c:when> and <c:otherwise>


<c:choose>

   <c:when test="${userPref == 'performance'}">
      Now you can stop even if you <em>do</em> drive insanely fast.
   </c:when>

   <c:when test="${userPref == 'safety'}">
      Our brakes will never lock up, no matter how bad a driver you are.
   </c:when>

   <c:when test="${userPref == 'maintenance'}">
      Lost your tech job? No problem--you won't have to service these brakes
      for at least three years.
   </c:when>

   <c:otherwise>
      Our brakes are the best.
   </c:otherwise>

</c:choose>

<!-- the rest of the page goes here... -->


If none of the <c:when> tests are true,
the <c:otherwise> runs as a default.
The <c:set> tag... so much cooler than <jsp:setProperty>


The <jsp:setProperty> tag can do only one thing—set the property of a bean. 

But what if you want to set a value in a Map? What if you want to make a new entry in a Map? 
Or what if you simply want to create a new request-scoped attribute? 

You get all that with <c:set>, but you have to learn a few simple rules. Set comes in two 
flavors: var and target. The var version is for setting attribute variables, the target version is for 
setting bean properties or Map values. Each of the two flavors comes in two variations: with 
or without a body. The <c:set> body is just another way to put in the value. 

Setting an attribute variable var with <c:set>


(1) With NO body

<c:set var="userLevel" scope="session" value="Cowboy" />

scope is optional; var is required. You must specify a value, either with the
value attribute or by putting the value in the tag body (see #2 below).

<c:set var="Fido" value="${person.dog}" />

If ${person.dog} evaluates to a Dog object, then "Fido" is of type Dog.


(2) WITH a body

Remember, no slash here when the tag has a body.

<c:set var="userLevel" scope="session" >
   Sheriff, Bartender, Cowgirl
</c:set>

The body is evaluated and used as the value of the variable.


If the value evaluates to null, the variable will be
REMOVED! That’s right, removed.

Say you use ${person.dog} for the value (in the body or in the value
attribute). If ${person.dog} is null (meaning there is no person, or person's
dog property is null), then if there IS a variable attribute with a name "Fido",
that attribute will be removed! (If you don't specify a scope, it will start
looking at page, then request, etc.) This happens even if the "Fido" attribute
was originally set as a String, or a Broccoli.




Using <c:set> with beans and Maps 

This flavor of <c:set> (with its two variations—with and without a body) 
works for only two things: bean properties and Map values. That’s it. 

You can’t use it to add things to lists or arrays. It’s simple—you give it 
the object (a bean or Map), the property/key name, and the value. 


Setting a target property or value with <c:set>


(1) With NO body

<c:set target="${PetMap}" property="dogName" value="Clover" />

target must NOT be null! If target is a Map, set the
value of a key named "dogName".


(2) WITH a body

No slash when the tag has a body. Don't put the "id" name of the attribute
in target.

<c:set target="${person}" property="name" >
   ${foo.name}
</c:set>
Key points and gotchas with <c:set>


Yes, <c:set> is easy to use, but there are a few deal-breakers
you have to remember...


► You can never have BOTH the “var” and “target”
attributes in a <c:set>.

► “Scope” is optional, but if you don’t use it the default
is page scope.

► If the “value” is null, the attribute named by “var”
will be removed!

► If the attribute named by “var” does not exist, it’ll be
created, but only if “value” is not null.

► If the “target” expression is null, the Container
throws an exception.

► The “target” is for putting in an expression that
resolves to the Real Object. If you put in a String
literal that represents the “id” name of the bean or
Map, it won’t work. In other words, “target” is not for
the attribute name of the bean or Map—it’s for the
actual attribute object.

► If the “target” expression is not a Map or a bean, the
Container throws an exception.

► If the “target” expression is a bean, but the bean
does not have a property that matches “property”,
the Container throws an exception. Remember that
the EL expression ${bean.notAProperty} will also
throw an exception.


there are no Dumb Questions


Q: Why would I use the body version
instead of the no-body version? It looks
like they both do exactly the same thing.

A: That's because they DO... do the
same thing. The body version is just for
convenience when you want more room for
the value. It might be a long and complex
expression, for example, and putting it in
the body makes it easier to read.


Q: If I don't specify a scope, does that
mean it will find attributes that are ONLY
within page scope, or does it do a search
beginning with page scope?

A: If you don't use the optional "scope"
attribute in the tag, then the tag will only
look in the page scope space. Sorry, you
will just have to know exactly which scope
you are dealing with.


Q: Why is the word "attribute" so
overloaded? It means both "the things
that go inside tags" and "the things that
are bound to objects in one of the four
scopes." So you end up with an attribute
of a tag whose value is an attribute of the
page and...

A: We hear you. But that's what they're
called. Once again, nobody asked US.
We would have called the bound objects
something like, oh, "bound objects".
the c:remove tag


<c:remove> just makes sense

We agree with Dick—using a set to remove
something feels wrong. (But remember, set does a
remove only when you pass in a null value.)

The <c:remove> tag is intuitive and simple:


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html><body>

<c:set var="userStatus" scope="request" value="Brilliant" />
userStatus: ${userStatus} <br>

<c:remove var="userStatus" scope="request" />
userStatus is now: ${userStatus}

</body></html>


[Screenshot: http://localhost:8080/testJSP1/Tester.do]

userStatus: Brilliant
userStatus is now:

The value of userStatus was removed.
Test your Tag memory

If you’re studying for the exam, don’t skip this one.
The answers are at the end of the chapter.


(1) Fill in the name of the optional attribute.

<c:forEach var="movie" items="${movieList}" ________="foo" >
   ${movie}
</c:forEach>


(2) Fill in the missing attribute name.

<c:if ________="${userPref=='safety'}" >
   Maybe you should just walk...
</c:if>


(3) Fill in the missing attribute name.

<c:set var="userLevel" scope="session" ________="foo" />


(4) Fill in the missing tag names (two different tag types), and the missing attribute name.

<c:choose>



</c:choose>
the c:import tag


With <c:import>, there are now THREE
ways to include content

So far, we’ve used two different ways to add content from another
resource into a JSP. But there’s yet another way, using JSTL.

(1) The include directive

<%@ include file="Header.html" %>

Static: adds the content from the value of the file
attribute to the current page at translation time.


(2) The <jsp:include> standard action

<jsp:include page="Header.jsp" />

Dynamic: adds the content from the value of the
page attribute to the current page at request time.


(3) The <c:import> JSTL tag

<c:import url="http://www.wickedlysmart.com/skyler/horse.html" />

Dynamic: adds the content from the value of the
URL attribute to the current page, at request time.
It works a lot like <jsp:include>, but it’s more
powerful and flexible.


Do NOT confuse <c:import> (a type of
include) with the "import" attribute of
the page directive (a way to put a Java
import statement in the generated servlet).


They all have different attribute names!
(And watch out for “include” vs. “import”)

Each of the three mechanisms for including content uses a different word
for the attribute. The include directive uses file, the <jsp:include> uses
page, and the JSTL <c:import> tag uses url. This makes sense when you think
about it... but you do have to memorize all three. The directive was
originally intended for static layout templates, like HTML headers. In other
words, a “file”. The <jsp:include> was intended more for dynamic content
coming from JSPs, so they named the attribute “page” to reflect that. The
attribute for <c:import> is named for exactly what you give it: a URL!
Remember, the first two “includes” can’t go outside the current Container,
but <c:import> can.

<c:import> can reach OUTSIDE the web app

With <jsp:include> or the include directive, you can include only pages that are part of the 
current web app. But now with <c:import>, you have the option to pull in content from 
outside the Container. This simple example shows a JSP on Server A importing the contents 
of a URL on Server B. At request time, the HTML chunk in the imported file is added to 
the JSP. The imported chunk uses a reference to an image that is also on Server B. 
Customizing the thing you include

Remember in the previous chapter when we did a <jsp:include> to
put in the layout header (a graphic with some text), but we wanted to
customize the subtitle used in the header? We used <jsp:param> to
make that happen...

(1) The JSP with the <jsp:include>

<html><body>

<jsp:include page="Header.jsp">
   <jsp:param name="subTitle" value="We take the sting out of SOAP." />
</jsp:include>

<br>

<em>Welcome to our Web Services Support Group.</em> <br><br>
Contact us at: ${initParam.mainEmail}
</body></html>


(2) The included file (“Header.jsp”)

<img src="images/Web-Services.jpg" > <br>

<em><strong>${param.subTitle}</strong></em>
<br>
Doing the same thing with <c:param>

Here we accomplish the same thing we did on the previous page, but
using a combination of <c:import> and <c:param>. You’ll see that the
structure is virtually identical to the one we used with standard actions.

(1) The JSP with the <c:import>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<html><body>

<c:import url="Header.jsp" >
   <c:param name="subTitle" value="We take the sting out of SOAP." />
</c:import>

<br>

<em>Welcome to our Web Services Support Group.</em> <br><br>

Contact us at: ${initParam.mainEmail}

</body></html>

No slash on the opening <c:import> tag, because now the tag has a body.


(2) The included file (“Header.jsp”)

<img src="images/Web-Services.jpg" > <br>

<em><strong>${param.subTitle}</strong></em>
<br>
URL rewriting in a JSP


He missed the point... I said
"guarantee". My real question is—if
the client doesn't support cookies, how
can I get URL rewriting to happen? How
can I get the session ID added to
the URLs in my JSP?
<c:url> for all your hyperlink needs


Remember way back in our old servlet days when we wanted to use a session? First
we had to get the session (either the existing one or a new one). At that point, the
Container knows that it’s supposed to associate the client from this request with a
particular session ID. The Container wants to use a cookie—it wants to include a
unique cookie with the response, and then the client will send that cookie back with
each subsequent request. Except one problem... the client might have a browser with
cookies disabled. Then what?

The Container will, automatically, fall back to URL rewriting if it doesn’t get a cookie
from the client. But with servlets, you STILL have to encode your URLs. In other
words, you still have to tell the Container to “append the jsessionid to the end of this
particular URL...” for each URL where it matters. Well, you can do the same thing
from a JSP, using the <c:url> tag.

URL rewriting from a servlet

public void doGet(HttpServletRequest request, HttpServletResponse response)
                                     throws IOException, ServletException {

   response.setContentType("text/html");
   PrintWriter out = response.getWriter();
   HttpSession session = request.getSession();

   out.println("<html><body>");
   // encodeURL() appends the jsessionid when the client isn't sending the session cookie
   out.println("<a href=\"" + response.encodeURL("/BeerTest.do") + "\">click</a>");
   out.println("</body></html>");
}


URL rewriting from a JSP

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html><body>

This is a hyperlink with URL rewriting enabled.

<a href="<c:url value='/inputComments.jsp' />">Click here</a>

</body></html>
the <c:url> tag


What if the URL needs encoding?

Remember that in an HTTP GET request, the parameters are appended to the URL as a query string.
For example, if a form on an HTML page has two text fields—first name and last name—the request
URL will stick the parameter names and values on to the end of the request URL. But...an HTTP
request won’t work correctly if it contains unsafe characters (although most modern browsers will try to
compensate for this).

If you’re a web developer, this is old news, but if you’re new to web development, you need to know
that URLs often need to be encoded. URL encoding means replacing the unsafe/reserved characters
with other characters, and then the whole thing is decoded again on the server side. For example,
spaces aren’t allowed in a URL, but you can substitute a plus sign “+” for the space. The problem is,
<c:url> does NOT automatically encode your URLs!

Using <c:url> with a query string



Using <c:param> in the body of <c:url>

This solves our problem! Now we get both URL rewriting and URL encoding.

No slash on the opening <c:url> tag, since it has a body:

<c:url value="/inputComments.jsp" var="inputURL" >
   <c:param name="firstName" value="${first}" />
   <c:param name="lastName" value="${last}" />
</c:url>

Now we’re safe, because <c:param> takes care of the encoding.

Now the URL looks like this:

/myApp/inputComments.jsp?firstName=Crouching+Pixels&lastName=Hidden+Cursor
You do NOT want your clients to see this:


[Screenshot: Apache Tomcat/5.0.19 - Error report]

HTTP Status 500 -

Exception report

The server encountered an internal error () that prevented it from fulfilling this request.

org.apache.jasper.JasperException: / by zero
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:358)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:856)

java.lang.ArithmeticException: / by zero
    org.apache.jsp.ChooseTest_jsp._jspService(ChooseTest_jsp.java:62)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:133)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:311)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:856)

The full stack trace of the root cause is available in the Tomcat logs.

Apache Tomcat/5.0.19


Make your own error pages 


The guy surfing your site doesn’t want to see your stack trace. And he’s not too thrilled 
to get a standard “404 Not Found”, either. 

You can’t prevent all errors, of course, but you can at least give the user a friendlier 
(and more attractive) error response page. You can design a custom page to handle 
errors, then use the page directive to configure it. 


The designated ERROR page (“errorPage.jsp”)

<%@ page isErrorPage="true" %>

<html><body>
<strong>Bummer.</strong>
<img src="images/bummerGuy.jpg">
</body></html>


The BAD page that throws an exception (“badPage.jsp”)

<%@ page errorPage="errorPage.jsp" %>

<html><body>
About to be bad...
<% int x = 10/0; %>
</body></html>


What happens when you request “badPage.jsp”

[Screenshot: http://localhost:8080/tests/badPage.jsp]

Bummer.

The REQUEST was for “badPage.jsp”, but that page threw an exception, so the
response came from “errorPage.jsp”.
using JSTL


She doesn't know about the <error-page> DD tag.

You can declare error pages in the DD for the entire web app, and you
can even configure different error pages for different exception types, or
HTTP error code types (404, 500, etc.).

The Container uses <error-page> configuration in the DD as the
default, but if a JSP has an explicit errorPage page directive, the
Container uses the directive.
error pages in the DD


Configuring error pages in the DD


You can declare error pages in the DD based on either the <exception-type> or
the HTTP status <error-code> number. That way you can show the client different
error pages specific to the type of the problem that generated the error.


Declaring a catch-all error page

This applies to everything in your web app—not just JSPs.

You can override it in individual JSPs by adding a page
directive with an errorPage attribute.

<error-page>
   <exception-type>java.lang.Throwable</exception-type>
   <location>/errorPage.jsp</location>
</error-page>


Declaring an error page for a more explicit exception

This configures an error page that’s called only when there’s an
ArithmeticException. If you have both this declaration and the
catch-all above, any exception other than ArithmeticException
will still end up at the “errorPage.jsp”.

<error-page>
   <exception-type>java.lang.ArithmeticException</exception-type>
   <location>/arithmeticError.jsp</location>
</error-page>


Declaring an error page based on an HTTP status code

This configures an error page that’s called only when the status
code for the response is “404” (file not found).

<error-page>
   <error-code>404</error-code>
   <location>/notFoundError.jsp</location>
</error-page>
Error pages get an extra object: exception


An error page is essentially the JSP that handles the exception, so the
Container gives the page an extra object for the exception. You probably
won’t want to show the exception to the user, but you’ve got it. In a
scriptlet, you can use the implicit object exception, and from a JSP, you
can use the EL implicit object ${pageContext.exception}. The object is
type java.lang.Throwable, so in a script you can call methods, and with
EL you can access the stackTrace and message properties.

Note: the exception implicit object is available ONLY to error pages with an
explicitly-defined page directive:

<%@ page isErrorPage="true" %>

In other words, configuring an error page in the DD is not enough to make the
Container give that page the implicit exception object.


A more explicit ERROR page (“errorPage.jsp”)

<%@ page isErrorPage="true" %>

<html><body>
<strong>Bummer.</strong><br>

You caused a ${pageContext.exception} on the server.<br>

<img src="images/bummerGuy.jpg">
</body></html>


What happens when you request “badPage.jsp”

This time, you get more details. You probably won’t show this to the
user; we just did this so you could see it.
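
An error page that keeps the exception out of the response, logging it on the server and showing the user only a reference to quote. This is an added example, not code from the book: the incidentId name is hypothetical, java.util.UUID assumes Java 5 or later, and the javax.servlet.error.* request attributes are the standard ones set when the Container dispatches to an error page.

```jsp
<%-- errorPage.jsp (added example) --%>
<%@ page isErrorPage="true" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
    // Hypothetical correlation value: lets support match a user's report
    // to the log entry without showing any exception detail in the page.
    String incidentId = java.util.UUID.randomUUID().toString();

    // Standard servlet error attributes; either may be null, so nothing
    // below dereferences them.
    Object failedUri  = request.getAttribute("javax.servlet.error.request_uri");
    Object statusCode = request.getAttribute("javax.servlet.error.status_code");

    String logLine = "incident " + incidentId + " uri=" + failedUri
                   + " status=" + statusCode;

    // "exception" is the implicit object this page gets because of
    // isErrorPage="true". It is null when the page was reached through an
    // <error-code> mapping (a plain 404, for example).
    if (exception != null) {
        application.log(logLine, exception);   // full stack trace, server side only
    } else {
        application.log(logLine);
    }

    // Expose only the reference to the rest of the page.
    pageContext.setAttribute("incidentId", incidentId);
%>
<html><body>
<strong>Bummer.</strong><br>

<c:choose>
   <c:when test="${requestScope['javax.servlet.error.status_code'] == 404}">
      We couldn't find that page.<br>
   </c:when>
   <c:otherwise>
      Something went wrong on the server.<br>
   </c:otherwise>
</c:choose>

If you contact us, please quote reference <c:out value="${incidentId}" />.<br>

<img src="images/bummerGuy.jpg">
</body></html>
```

The same page works for both the errorPage directive and an <error-page> entry in the DD, because it never assumes the exception object is present.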
the <c:catch> tag


What if I think there's
an exception I might be able
to recover from in a JSP? What
if there are some errors I
want to catch myself?


The <c:catch> tag. Like try/catch ...sort of


If you have a page that invokes a risky tag, but you think you can
recover, there’s a solution. You can do a kind of try/catch using the
<c:catch> tag, to wrap the risky tag or expression. Because if you
don’t, and an exception is thrown, your default error handling will
kick in and the user will get the error page declared in the DD. The
part that might feel a little strange is that the <c:catch> serves as
both the try and the catch—there’s no separate try tag. You wrap the
risky EL or tag calls or whatever in the body of a <c:catch>, and the
exception is caught right there. But you can’t assume it’s exactly like a
catch block, either, because once the exception occurs, control jumps
to the end of the <c:catch> tag body (more on that in a minute).

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page errorPage="errorPage.jsp" %>

<html><body>

About to do a risky thing: <br>

<c:catch>
   <% int x = 10/0; %>
</c:catch>

If you see this, we survived.

</body></html>

This scriptlet will DEFINITELY cause an exception... but we caught it
instead of triggering the error page.

If “If you see this, we survived.” prints out, then we know we made it past
the exception (which in this example, means we successfully caught the
exception).
But how do I get access to
the Exception object? The
one that was actually thrown?
Since this isn't an actual error
page, the implicit exception
object doesn't work here.


You can make the exception an attribute

In a real Java try/catch, the catch argument is the exception object.

But with web app error handling, remember, only officially-designated error
pages get the exception object. To any other page, the exception just isn’t
there. So this does not work:


<c:catch>
   Inside the catch...
   <% int x = 10/0; %>
</c:catch>

Exception was: ${pageContext.exception}

This won't work, because this isn't an official error page, so it doesn't get
the exception object.


Using the “var” attribute in <c:catch>

Use the optional var attribute if you want to access the exception after
the end of the <c:catch> tag. It puts the exception object into the page
scope, under the name you declare as the value of var.

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page errorPage="errorPage.jsp" %>

<html><body>

About to do a risky thing: <br>

<c:catch var="myException">
   Inside the catch...
   <% int x = 10/0; %>
</c:catch>

<c:if test="${myException != null}">
   There was an exception: ${myException.message} <br>
</c:if>

We survived.
</body></html>
Nothing in the <c:catch> body runs after the exception.

Once the exception occurs, two things happen:

1) If you used the optional var attribute, the exception object is assigned to it.
2) Flow jumps to below the body of the <c:catch> tag.


<c:catch>
   Inside the catch...
   <% int x = 10/0; %>
   After the catch...
</c:catch>
We survived.

You'll NEVER see “After the catch...”!

Be careful about this. It's tempting to think of a <c:catch> tag as being just
like a catch block, but it isn't. A <c:catch> is more like a try, because it's
where you put the risky code, except it's a try that never needs (or has) a
catch. Learn this tag for exactly what it is...
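
A recoverable failure handled with <c:catch>, as an added example (not from the book): the remote <c:import> shown earlier is the risky tag, and the names importError and remoteChunk are hypothetical. Capturing the import in a var means nothing from the remote server is written to the response until the import has fully succeeded.

```jsp
<%-- Added example: recover from a failed remote import --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page errorPage="errorPage.jsp" %>

<html><body>

<%-- Risky: Server B may be down, or answer with an HTTP error status.
     With var set, <c:import> stores the content as a String in page scope
     instead of writing it straight into the response. --%>
<c:catch var="importError">
   <c:import url="http://www.wickedlysmart.com/skyler/horse.html"
             var="remoteChunk" />
   <%-- Anything placed here would be skipped if the import throws:
        flow jumps to below the body of the <c:catch>. --%>
</c:catch>

<c:choose>
   <c:when test="${importError == null}">
      <%-- The chunk is inserted as markup, unescaped, exactly as a plain
           <c:import> would insert it, so import only from a server you
           control or trust. --%>
      ${remoteChunk}
   </c:when>
   <c:otherwise>
      <%
         // The var attribute put the exception in page scope; log it on the
         // server rather than printing it into the page.
         Throwable t = (Throwable) pageContext.getAttribute("importError");
         application.log("import of remote chunk failed", t);
      %>
      <em>That content is unavailable right now.</em>
   </c:otherwise>
</c:choose>

<br>
The rest of the page renders either way, and the error page is never triggered.

</body></html>
```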
What if you need a tag that's NOT in JSTL?

The JSTL is huge. Version 1.1 has five libraries—four with custom tags, and one 
with a bunch of functions for String manipulation. The tags we cover in this book 
(which happen to be the ones you’re expected to know for the exam) are for the 
generic things you’re most likely to need, but it’s possible that between all five 
libraries, you’ll find everything you might ever need. On the next page, we’ll start 
looking at what happens when the tags below aren’t enough. 


The “Core” library

General-purpose
   <c:out>
   <c:set>
   <c:remove>
   <c:catch>

Conditional
   <c:if>
   <c:choose>
   <c:when>
   <c:otherwise>

URL related
   <c:import>
   <c:url>
   <c:redirect>
   <c:param>

Iteration
   <c:forEach>
   <c:forTokens>

We didn't cover <c:forTokens>... it lets
you iterate over tokens where YOU
give it the delimiter. Works a lot
like StringTokenizer. We also didn’t
cover <c:redirect> and <c:out>, but
that gives you a wonderful excuse
to get the JSTL docs.


The “Formatting” library

Internationalization
   <fmt:message>
   <fmt:setLocale>
   <fmt:bundle>
   <fmt:setBundle>
   <fmt:param>
   <fmt:requestEncoding>

Formatting
   <fmt:timeZone>
   <fmt:setTimeZone>
   <fmt:formatNumber>
   <fmt:parseNumber>
   <fmt:parseDate>


The “XML” library

Core XML actions
   <x:parse>
   <x:out>
   <x:set>

XML flow control
   <x:if>
   <x:choose>
   <x:when>
   <x:otherwise>
   <x:forEach>

Transform actions
   <x:transform>
   <x:param>


The “SQL” library

Database access
   <sql:query>
   <sql:update>
   <sql:setDataSource>
   <sql:param>
   <sql:dateParam>


Only the “core” library is covered on the exam.

The other libraries are available if you need them. The XML transformation
tags, for example, could save your life if you have to process feeds. Before
you write a custom tag of your own, make sure that you’re not
reinventing the wheel.
Using a tag library that's NOT from the JSTL


Creating the code that goes behind a tag (in other words, the Java code 
that’s invoked when you put the tag in your JSP) isn’t trivial. We have a 
whole chapter (the next one) devoted to developing your own custom 
tag handlers. But the last part of this chapter is about how to use custom 
tags. What happens, for example, if someone hands you a custom tag 
library they created for your company or project? How do you know what 
the tags are and how to use them? With JSTL, 
it’s easy—the JSTL 1.1 specification documents 
each tag, including how to use each of the 
required and optional attributes. 

But not every custom tag will come so nicely 
packaged and well-documented. You have 
to know how to figure out a tag even if the 
documentation is weak or nonexistent, and, 
one more thing—you have to know how to 
deploy a custom tag library. 


Main things you have to know:

(1) The tag name and syntax

The tag has a name, obviously. In <c:set>, the tag name is set, and
the prefix is c. You can use any prefix you want, but the name
comes from the TLD. The syntax includes things like required
and optional attributes, whether the tag can have a body (and
if so, what you can put there), the type of each attribute, and
whether the attribute can be an expression (vs. a literal String).

(2) The library URI

The URI is a unique identifier in the Tag Library Descriptor
(TLD). In other words, it’s a unique name for the tag library the
TLD describes. The URI is what you put in your taglib directive.
It’s what tells the Container how to identify the TLD file within
the web app, which the Container needs in order to map the tag
name used in the JSP to the Java code that runs when you use
the tag.

To use a custom library, you MUST read the TLD.
Everything you need to know is in there.
Making sense of the TLD


The TLD describes two main things: custom tags, and EL functions. We 
used one when we made the dice rolling function in the previous chapter, 
but we had only a <function> element in the TLD. Now we have to look 
at the <tag> element, which can be more complex. Besides the function we 
declared earlier, the TLD below describes one tag, advice. 


<?xml version="1.0" encoding="ISO-8859-1" ?>

<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">

<tlib-version>1.2</tlib-version>

<short-name>RandomTags</short-name>

<!-- The EL function we used in the previous chapter. -->
<function>
   <name>rollIt</name>
   <function-class>foo.DiceRoller</function-class>
   <function-signature>int rollDice()</function-signature>
</function>

<!-- The name we use in the taglib directive. -->
<uri>randomThings</uri>

<tag>
   <description>random advice</description>
   <name>advice</name>
   <tag-class>foo.AdvisorTagHandler</tag-class>

   <!-- REQUIRED! This says that the tag must NOT have anything in the body. -->
   <body-content>empty</body-content>

   <!-- If your tag has attributes, then one <attribute>
        element per tag attribute is required. -->
   <attribute>
      <name>user</name>
      <!-- This says you MUST put a "user" attribute in the tag. -->
      <required>true</required>
      <!-- This says the "user" attribute can be a runtime expression value
           (i.e. it doesn't have to be a String literal). -->
      <rtexprvalue>true</rtexprvalue>
   </attribute>
</tag>

</taglib>



Using the custom Advice" tag 

The “advice” tag is a simple tag that takes one attribute—the user 
name—and prints out a piece of random advice. It’s simple enough 
that it could have been just a plain old EL function (with a static 
method getAdvice(String name)), but we made it a simple tag to 
show you how it all works... 


The TLD elements for the advice tag

(This is the same tag you saw on the previous page, but without the annotations.)

<taglib ...>

  <uri>randomThings</uri>

  <tag>
    <description>random advice</description>
    <name>advice</name>
    <tag-class>foo.AdvisorTagHandler</tag-class>
    <body-content>empty</body-content>
    <attribute>
      <name>user</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>

</taglib>


JSP that uses the tag

<html><body>

<%@ taglib prefix="mine" uri="randomThings" %>

Advisor Page<br>

<mine:advice user="${userName}" />

</body></html>

The uri in the taglib directive matches the <uri> element in the TLD.

It's OK to use EL here, because the <rtexprvalue> in the TLD is set to "true" for the user attribute. (Assume the "userName" attribute already exists.)

The TLD says the tag can't have a body, so we made it an empty tag (which means the tag ends with a slash).

Each library you use in a page needs its own taglib directive with a unique prefix.
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the custom tag handler 


This simple tag handler extends SimpleTagSupport (a class you’ll
see in the next chapter), and implements two key methods: doTag(),
the method that does the actual work, and setUser(), the method
that accepts the attribute value.

Java class that does the tag work

package foo;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import java.io.IOException;

public class AdvisorTagHandler extends SimpleTagSupport {

    private String user;

    // The Container calls doTag() when the JSP invokes the tag
    // using the name declared in the TLD.
    public void doTag() throws JspException, IOException {
        getJspContext().getOut().write("Hello " + user + " <br>");
        getJspContext().getOut().write("Your advice is: " + getAdvice());
    }

    // Accepts the value of the tag's "user" attribute.
    public void setUser(String user) {
        this.user = user;
    }

    // Our own internal method.
    String getAdvice() {
        String[] adviceStrings = {"That color's not working for you.",
            "You should call in sick.", "You might want to rethink that haircut."};
        int random = (int) (Math.random() * adviceStrings.length);
        return adviceStrings[random];
    }
}
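doTag() above writes the user attribute into the response exactly as it was passed in, so a name that contains markup becomes markup in the page. As an added example (not code from the book), the stand-alone class below puts that raw rendering next to an HTML-escaped one; the class name, the escapeHtml helper and the sample values are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;

/**
 * Added example, not from the book. Mirrors the two write() calls in
 * AdvisorTagHandler.doTag() against a plain Writer so it runs without a
 * servlet container. Class and method names here are hypothetical.
 */
public class AdviceOutputDemo {

    /** Same output as the book's doTag(): the attribute value is written as-is. */
    static void renderRaw(String user, String advice, Writer out) throws IOException {
        out.write("Hello " + user + " <br>");
        out.write("Your advice is: " + advice);
    }

    /** Hardened form: every dynamic value is HTML-escaped before it is written. */
    static void renderEscaped(String user, String advice, Writer out) throws IOException {
        out.write("Hello " + escapeHtml(user) + " <br>");
        out.write("Your advice is: " + escapeHtml(advice));
    }

    /** Escapes the five characters that matter in HTML text and quoted attributes. */
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values standing in for ${userName}.
        String[] users = { "Pat", "<b>Pat</b>", "Pat & Sam", null };
        String advice = "You should call in sick.";
        for (String user : users) {
            StringWriter raw = new StringWriter();
            StringWriter safe = new StringWriter();
            renderRaw(user, advice, raw);
            renderEscaped(user, advice, safe);
            System.out.println("raw:     " + raw);
            System.out.println("escaped: " + safe);
        }
    }
}
```

In the handler itself, the equivalent change is to wrap user in the escaping helper inside the getJspContext().getOut().write(...) call.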
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Pay attention to <rtexprvalue> 

The <rtexprvalue> is especially important because it tells you 
whether the value of the attribute is evaluated at translation or 
runtime. If the <rtexprvalue> is false, or the <rtexprvalue> isn’t 
defined, you can use only a String literal as that attribute’s value! 

If you see this: 

<attribute> 

<name>rate</name> 

<required>true</required> 
<rtexprvalue>false</rtexprvalue> 
</attribute> 


OR this: 


<attribute> 

<name>rate</name> 

<required>true</required> 


</attribute> 


(If there's no <rtexprvalue>, the default value is false.)


Then you know THIS WON'T WORK!


<html><body>

<%@ taglib prefix="my" uri="myTags" %>

<my:handleIt rate="${currentRate}" />

</body></html>

NO! This must NOT be an expression; it must be a String literal.

Q: You still didn't answer the question about how you know what type
the attribute is...

A: We'll start with the easy one. If the <rtexprvalue> is false (or not there
at all), then the attribute type can be ONLY a String literal. But if you can
use an expression, then you have to hope that it's either dead obvious from
the tag description and attribute name, OR that the developer included the
optional <type> subelement of the <attribute> element. The <type> takes a
fully-qualified class name for the type. Whether the TLD declares the type or
not, the Container expects the type of the expression to match the type of
argument in the tag handler's setter method for that attribute. In other words,
if the tag handler has a setDog(Dog) method for the "dog" attribute, then the
value of your expression for that attribute better evaluate to a Dog object! (Or
something that can be implicitly assigned to a Dog reference type.)
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<rtexprvalue> is NOT just for EL expressions 


You can use three kinds of expressions for the value of an attribute (or tag 
body) that allows runtime expressions. 

(1) EL expressions

<mine:advice user="${userName}" />


(2) Scripting expressions

<mine:advice user='<%= request.getAttribute("username") %>' />


(3) <jsp:attribute> standard actions


<mine:advice> 


<jsp:attribute name="user">${userName}</jsp:attribute> 
</mine:advice> 


What is this?? I thought this tag didn't have a body... 
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tag bodies 


What can be in a tag body

A tag can have a body only if the <body-content> element for this tag is
not configured with a value of empty. The <body-content> element can
be one of either three or four values, depending on the type of tag.

<body-content>empty</body-content>
    The tag must NOT have a body.

<body-content>scriptless</body-content>
    The tag must NOT have scripting elements, but it can have template text, EL, and custom and standard actions.

<body-content>tagdependent</body-content>
    The tag body is treated as plain text, so the EL is NOT evaluated and tags/actions are not triggered.

<body-content>JSP</body-content>
    The tag body can have anything that can go inside a JSP.


THREE ways to invoke a tag that can’t have a body

Each of these is an acceptable way to invoke a tag configured in
the TLD with <body-content>empty</body-content>.

(1) An empty tag

<mine:advice user="${userName}" />


(2) A tag with nothing between the opening and closing tags

<mine:advice user="${userName}"> </mine:advice>


(3) A tag with only <jsp:attribute> tags between the opening and closing tags

<mine:advice>
  <jsp:attribute name="user">${userName}</jsp:attribute>
</mine:advice>

The <jsp:attribute> tag is the ONLY thing you can put between the opening and
closing tags of a tag with a <body-content> of empty! It's just an alternate
way to put the attributes in, but <jsp:attribute> tags don't count as "body content".
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The tag handler, the TLD, and the JSP

The tag handler developer creates the TLD to tell both the 
Container and the JSP developer how to use the tag. A JSP 
developer doesn’t care about the <tag-class> element in 
the TLD; that’s for the Container to worry about. The JSP 
developer cares most about the uri, the tag name, and the tag 
syntax. Can the tag have a body? Does this attribute have to 
be a String literal, or can it be an expression? Is this attribute 
optional? What type does the expression need to evaluate to? 

Think of the TLD as the API for custom tags. You have to 
know how to call it and what arguments it needs. 


JSP that uses the tag

<html><body>
<%@ taglib prefix="mine" uri="randomThings" %>
Advisor Page<br>
<mine:advice user="${userName}" />
</body></html>


AdvisorTagHandler class

void doTag() {
    // tag logic
}

void setUser(String user) {
    this.user = user;
}


TLD file

<taglib ...>

  <uri>randomThings</uri>

  <tag>
    <description>random advice</description>
    <name>advice</name>
    <tag-class>foo.AdvisorTagHandler</tag-class>
    <body-content>empty</body-content>
    <attribute>
      <name>user</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>




The taglib <uri> is just a name, not a location


The <uri> element in the TLD is a unique name for the tag library. That’s it. It 
does NOT need to represent any actual location (path or URL, for example). It 
simply has to be a name— the same name you use in the taglib directive. 


“But,” you’re asking, “how come with the JSTL it gives the full URL to the library?”

The taglib directive for the JSTL is:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

(This LOOKS like a URL to a web resource, but it's not. It just happens to be formatted as a URL.)

The web Container doesn’t normally try to request something from the uri in the
taglib directive. It doesn’t need to use the uri as a location! If you type that as a
URL into your browser, you’ll be redirected to a different URL, one that has
information about JSTL. The Container could care less that this particular uri
happens to also be a valid URL (the whole “http://...” thing). It’s just the
convention Sun uses for the uri, to help ensure that it’s a unique name. Sun
could have named the JSTL uri “java_foo_tags” and it would have worked in
exactly the same way. All that matters is that the <uri> in the TLD and the uri in
the taglib directive match!


As a developer, though, you do want to work out a scheme to give your libraries 
unique <uri> values, because <uri> names need to be unique for any given web 
app. You can’t, for example, have two TLD files in the same web app, with the 
same <uri>. So, the domain name convention is a good one, but you don’t 
necessarily need to use that for all of your in-house development. 


Having said all that, there is one way in which the uri could be used as a location, 
but it’s considered a really bad practice—if you don’t specify a <uri> inside the 
TLD, the Container will attempt to use the uri attribute in the taglib directive as a 
path to the actual TLD. But to hard-code the location of your TLD is obviously a 
bad idea, so just pretend you don’t know it’s possible. 


The Container looks for a match between the <uri> in the TLD and the
uri value in the taglib directive. The uri does NOT have to be the
location of the actual tag handler.




The Container builds a map 

Before JSP 2.0, the developer had to specify a mapping between the <uri> in the TLD and 
the actual location of the TLD file. So when a JSP page had a taglib directive like this: 

<%@ taglib prefix="mine" uri="randomThings"%> 

The Deployment Descriptor (web.xml) had to tell the Container where the TLD file with a 
matching <uri> was located. You did that with a <taglib> element in the DD. 


The OLD (before JSP 2.0) way to map a taglib uri to a TLD file 

<web-app>
  <jsp-config>
    <taglib>
      <taglib-uri>randomThings</taglib-uri>
      <taglib-location>/WEB-INF/myFunctions.tld</taglib-location>
    </taglib>
  </jsp-config>
</web-app>


The NEW (JSP 2.0) way to map a taglib uri to a TLD file 
No <taglib> entry in the DD! 

The Container automatically builds a map between TLD files and <uri> 
names, so that when a JSP invokes a tag, the Container knows exactly where to find the 
TLD that describes the tag. 

How? By looking through a specific set of locations where TLDs are allowed to live. 
When you deploy a web app, as long as you put the TLD in a place the Container will 
search, the Container will find the TLD and build a map for that tag library. 

If you do specify an explicit <taglib-location> in the DD (web.xml), a JSP 2.0 Container
will use it! In fact, when the Container begins to build the <uri>-to-TLD map, the
Container will look first in your DD to see if you’ve made any <taglib> entries, and if
you have, it’ll use those to help construct the map. For the exam, you’re expected to
know about <taglib-location>, even though it’s no longer required for JSP 2.0.

So the next step is for us to see where the Container looks for TLDs, and also where it 
looks for the tag handler classes declared in the TLDs. 
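A rough model of the map-building step described above, as an added example rather than any Container's actual code: it reads the <uri> from each TLD, rejects a duplicate name, and resolves a taglib directive's uri by exact match. The class name, the second and third sample paths and the TLD contents are constructed for the illustration, and the rule that a DD entry wins over a scanned TLD is an assumption of this sketch.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Added example, not Container code. Class, method and sample names are hypothetical. */
public class TldUriMapDemo {

    /** Returns the text of the <uri> child of <taglib>, or null if the TLD has none. */
    static String readUri(String tldXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Choice made for this demo: reject DOCTYPEs so no external entity is ever fetched.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(tldXml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && "uri".equals(n.getNodeName())) {
                return n.getTextContent().trim();
            }
        }
        return null;
    }

    /**
     * Builds the uri-to-TLD-path map. Explicit DD entries go in first; TLDs found by
     * scanning are added after them. Assumption of this sketch: a DD entry wins over a
     * scanned TLD with the same uri, and two scanned TLDs with the same uri are an error.
     */
    static Map<String, String> buildMap(Map<String, String> ddEntries,
                                        Map<String, String> scannedTlds) throws Exception {
        Map<String, String> map = new LinkedHashMap<>(ddEntries);
        Map<String, String> seen = new LinkedHashMap<>();
        for (Map.Entry<String, String> tld : scannedTlds.entrySet()) {
            String uri = readUri(tld.getValue());
            if (uri == null) {
                continue; // no <uri> element: nothing to map by name
            }
            String earlier = seen.putIfAbsent(uri, tld.getKey());
            if (earlier != null) {
                throw new IllegalStateException("duplicate <uri> '" + uri + "' in "
                        + earlier + " and " + tld.getKey());
            }
            map.putIfAbsent(uri, tld.getKey());
        }
        return map;
    }

    /** What a taglib directive lookup amounts to: an exact-match name lookup. */
    static String resolve(Map<String, String> map, String directiveUri) {
        String path = map.get(directiveUri);
        if (path == null) {
            throw new IllegalArgumentException("no TLD is mapped to uri '" + directiveUri + "'");
        }
        return path;
    }

    /** Constructed minimal TLD text carrying only the element this demo reads. */
    static String tld(String uri) {
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<taglib xmlns=\"http://java.sun.com/xml/ns/j2ee\" version=\"2.0\">"
                + "<tlib-version>1.2</tlib-version>"
                + "<uri>" + uri + "</uri>"
                + "</taglib>";
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> dd = new LinkedHashMap<>();      // no <taglib> entries in web.xml
        Map<String, String> scanned = new LinkedHashMap<>(); // path -> TLD text (constructed)
        scanned.put("/WEB-INF/myFunctions.tld", tld("randomThings"));
        scanned.put("/WEB-INF/tlds/shop.tld", tld("http://example.com/tags/shop"));

        Map<String, String> map = buildMap(dd, scanned);
        System.out.println(resolve(map, "randomThings"));
        System.out.println(resolve(map, "http://example.com/tags/shop"));

        // A second TLD reusing an existing <uri> makes the name ambiguous.
        scanned.put("/WEB-INF/tlds/copy.tld", tld("randomThings"));
        try {
            buildMap(dd, scanned);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The URL-shaped uri is looked up as an opaque string, exactly like "randomThings"; nothing in the lookup ever dereferences it.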
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TLD locations 


Four places the Container looks for TLDs

The Container searches in several places to find TLD files—you
don’t need to do anything except make sure your TLDs are in one
of the right locations.

(1) Directly inside WEB-INF
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When a JSP uses more than one tag library

If you want to use more than one tag library in a JSP, do a separate taglib
directive for each TLD. There are a few issues to keep in mind...

- Make sure the taglib uri names are unique. In other words, don’t put
in more than one directive with the same uri value.

- Do NOT use a prefix that’s on the reserved list.

The reserved prefixes are: 

jsp: 

jspx: 

java: 

javax: 

servlet: 

sun: 

sunw: 



Write in examples of the THREE different ways to 
invoke a tag that must have an empty body. 

(Check your answers by looking back through the chapter. No, 
we’re not going to tell you the page number.) 


(1)


(2)


(3)
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TLD exercise 


Sharpen your pencil 

How the JSP, the TLD, and the 
bean attribute class relate 

Fill in the spaces based on the information that you 
can see in the TLD. Draw arrows to indicate where the 
different pieces of information are tied together. In other 
words, for each blank, show exactly where you found the 
information needed to fill in the blank. 






Test your Tag memory 
ANSWERS 


(1) Fill in the name of the optional attribute.

<c:forEach var="movie" items="${movieList}" varStatus="foo">
  ${movie}
</c:forEach>

varStatus: the attribute that names the loop counter variable.


(2) Fill in the missing attribute name.

<c:if test="${userPref=='safety'}">
  Maybe you should just walk...
</c:if>


(3) Fill in the missing attribute name.

<c:set var="userLevel" scope="session" value="foo" />

The <c:set> tag must have a value, but you could choose to put the value in the
body of the tag instead of as an attribute.


(4) Fill in the missing tag names (two different tag types), and the missing attribute name.

<c:choose>

<c:otherwise>
Our brakes are the best.
</c:otherwise>

</c:choose>

The <c:otherwise> tag is optional.
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TLD exercise answers 


Sharpen your pencil 


How the JSP, the TLD, and the 
bean attribute class relate 
ANSWERS 
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Mock Exam Chapter 9


Which is true about TLD files?

□ A. TLD files may be placed in any subdirectory of WEB-INF.

□ B. TLD files are used to configure JSP environment attributes,
     such as scripting-invalid.

□ C. TLD files may be placed in the META-INF directory of the
     WAR file.

□ D. TLD files can declare both Simple and Classic tags, but TLD
     files are NOT used to declare Tag Files.


Assuming the standard JSTL prefix conventions are used,
which JSTL tags would you use to iterate over a collection of objects?
(Choose all that apply.)

□ A. <x:forEach>

□ B. <c:iterate>

□ C. <c:forEach>

□ D. <c:forTokens>

□ E. <logic:iterate>

□ F. <logic:forEach>
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mock exam 


A JSP page contains a taglib directive whose uri attribute has the
value myTags. Which deployment descriptor element defines the
associated TLD?

□ A. <taglib>
       <uri>myTags</uri>
       <location>/WEB-INF/myTags.tld</location>
     </taglib>

□ B. <taglib>
       <uri>myTags</uri>
       <tld-location>/WEB-INF/myTags.tld</tld-location>
     </taglib>

□ C. <taglib>
       <tld-uri>myTags</tld-uri>
       <tld-location>/WEB-INF/myTags.tld</tld-location>
     </taglib>

□ D. <taglib>
       <taglib-uri>myTags</taglib-uri>
       <taglib-location>/WEB-INF/myTags.tld</taglib-location>
     </taglib>


A JavaBean Person has a property called address. The value of this
property is another JavaBean Address with the following string properties:
street1, street2, city, stateCode and zipCode. A controller servlet
creates a session-scoped attribute called customer that is an instance of the
Person bean.

Which JSP code structures will set the city property of the customer
attribute to the city request parameter? (Choose all that apply.)

□ A. ${sessionScope.customer.address.city = param.city}

□ B. <c:set target="${sessionScope.customer.address}"
            property="city" value="${param.city}" />

□ C. <c:set scope="session" var="${customer.address}"
            property="city" value="${param.city}" />

□ D. <c:set target="${sessionScope.customer.address}"
            property="city">
       ${param.city}
     </c:set>
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Which <body-content> element combinations in the TLD
are valid for the following JSP snippet? (Choose all that apply.)

<my:tag1>
  <my:tag2 a="47" />
  <% a = 420; %>
  <my:tag3>
    value = ${a}
  </my:tag3>
</my:tag1>

□ A. tag1 body-content is empty
     tag2 body-content is JSP
     tag3 body-content is scriptless

□ B. tag1 body-content is JSP
     tag2 body-content is empty
     tag3 body-content is scriptless

□ C. tag1 body-content is JSP
     tag2 body-content is JSP
     tag3 body-content is JSP

□ D. tag1 body-content is scriptless
     tag2 body-content is JSP
     tag3 body-content is JSP

□ E. tag1 body-content is JSP
     tag2 body-content is scriptless
     tag3 body-content is scriptless


6


Assuming the appropriate taglib directives, which are valid
examples of custom tag usage? (Choose all that apply.)

□ A. <foo:bar />

□ B. <my:tag></my:tag>

□ C. <mytag value="x" />

□ D. <c:out value="x" />

□ E. <jsp:setProperty name="a" property="b" value="c" />
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mock exam 


Given the following scriptlet code:

<select name='styleId'>
<% BeerStyle[] styles = beerService.getStyles();
   for ( int i=0; i < styles.length; i++ ) {
     BeerStyle style = styles[i]; %>
  <option value='<%= style.getObjectID() %>'>
    <%= style.getTitle() %>
  </option>
<% } %>
</select>


Which JSTL code snippet produces the same result?


□ A. <select name='styleId'>
       <c:for array='${beerService.styles}'>
         <option value='${item.objectID}'>${item.title}</option>
       </c:for>
     </select>

□ B. <select name='styleId'>
       <c:forEach var='style' items='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:forEach>
     </select>

□ C. <select name='styleId'>
       <c:for var='style' array='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:for>
     </select>

□ D. <select name='styleId'>
       <c:forEach var='style' array='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:for>
     </select>
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Chapter 9 Answers


1


Which is true about TLD files?

☑ A. TLD files may be placed in any subdirectory of WEB-INF.

□ B. TLD files are used to configure JSP environment attributes,
     such as scripting-invalid.
     -Option B is invalid because TLD files configure tag handlers, not
     the JSP environment.

□ C. TLD files may be placed in the META-INF directory of the
     WAR file.
     -Option C is invalid because TLD files are not recognized in the
     META-INF of the WAR file.

□ D. TLD files can declare both Simple and Classic tags, but TLD
     files are NOT used to declare Tag Files.
     -Option D is invalid because Tag Files may be declared in
     a TLD (but it is rare).

(JSP v2.0)


2


Assuming the standard JSTL prefix conventions are used,
which JSTL tags would you use to iterate over a collection of objects?
(Choose all that apply.)

□ A. <x:forEach>
     -Option A is incorrect as this is the tag used for iterating over
     XPath expressions.

□ B. <c:iterate>
     -Option B is incorrect because no such tag exists.

☑ C. <c:forEach>

□ D. <c:forTokens>
     -Option D is incorrect because this tag is used for iterating over
     tokens within a single string.

□ E. <logic:iterate>

□ F. <logic:forEach>
     -Options E and F are incorrect because the prefix 'logic' is not a
     standard JSTL prefix (this prefix is typically used by tags in the
     Jakarta Struts package).

(JSTL v1.1)
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3 


A JSP page contains a taglib directive whose uri attribute has the
value myTags. Which deployment descriptor element defines the
associated TLD?

□ A. <taglib>
       <uri>myTags</uri>
       <location>/WEB-INF/myTags.tld</location>
     </taglib>

□ B. <taglib>
       <uri>myTags</uri>
       <tld-location>/WEB-INF/myTags.tld</tld-location>
     </taglib>

□ C. <taglib>
       <tld-uri>myTags</tld-uri>
       <tld-location>/WEB-INF/myTags.tld</tld-location>
     </taglib>

☑ D. <taglib>
       <taglib-uri>myTags</taglib-uri>
       <taglib-location>/WEB-INF/myTags.tld</taglib-location>
     </taglib>
     -Option D specifies valid tag elements.

(JSP v2.0)


4


A JavaBean Person has a property called address. The value of this
property is another JavaBean Address with the following string properties:
street1, street2, city, stateCode and zipCode. A controller servlet
creates a session-scoped attribute called customer that is an instance of the
Person bean.

Which JSP code structures will set the city property of the customer
attribute to the city request parameter? (Choose all that apply.)

□ A. ${sessionScope.customer.address.city = param.city}
     -Option A is invalid because EL does not permit assignment.

☑ B. <c:set target="${sessionScope.customer.address}"
            property="city" value="${param.city}" />

□ C. <c:set scope="session" var="${customer.address}"
            property="city" value="${param.city}" />
     -Option C is invalid because the var attribute does not accept a
     runtime value, nor does it work with the property attribute.

☑ D. <c:set target="${sessionScope.customer.address}"
            property="city">
       ${param.city}
     </c:set>

(JSTL v1.1)
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5 


Which <body-content> element combinations in the TLD
are valid for the following JSP snippet? (Choose all that apply.)

<my:tag1>
  <my:tag2 a="47" />
  <% a = 420; %>
  <my:tag3>
    value = ${a}
  </my:tag3>
</my:tag1>

-Tag1 includes scripting code so it must have at least 'JSP' body-content.
Tag2 is only shown as an empty tag, but it could also contain 'JSP'
or 'scriptless' body-content. Tag3 contains no scripting code so it may
have either 'JSP' or 'scriptless' body-content.

□ A. tag1 body-content is empty
     tag2 body-content is JSP
     tag3 body-content is scriptless
     -Option A is invalid because tag1 cannot be 'empty'.

☑ B. tag1 body-content is JSP
     tag2 body-content is empty
     tag3 body-content is scriptless

☑ C. tag1 body-content is JSP
     tag2 body-content is JSP
     tag3 body-content is JSP

□ D. tag1 body-content is scriptless
     tag2 body-content is JSP
     tag3 body-content is JSP
     -Option D is invalid because tag1 cannot be 'scriptless'.

☑ E. tag1 body-content is JSP
     tag2 body-content is scriptless
     tag3 body-content is scriptless


Assuming the appropriate taglib directives, which are valid
examples of custom tag usage? (Choose all that apply.)

☑ A. <foo:bar />

☑ B. <my:tag></my:tag>

□ C. <mytag value="x" />
     -Option C is invalid because there is no prefix.

☑ D. <c:out value="x" />

□ E. <jsp:setProperty name="a" property="b" value="c" />
     -Option E is invalid because this is an example of
     a JSP standard action, not a custom tag.

(JSP v2.0)
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mock answers 


Given the following scriptlet code:

<select name='styleId'>
<% BeerStyle[] styles = beerService.getStyles();
   for ( int i=0; i < styles.length; i++ ) {
     BeerStyle style = styles[i]; %>
  <option value='<%= style.getObjectID() %>'>
    <%= style.getTitle() %>
  </option>
<% } %>
</select>

(JSTL v1.1)


Which JSTL code snippet produces the same result?


□ A. <select name='styleId'>
       <c:for array='${beerService.styles}'>
         <option value='${item.objectID}'>${item.title}</option>
       </c:for>
     </select>

☑ B. <select name='styleId'>
       <c:forEach var='style' items='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:forEach>
     </select>
     -Option B is correct because it uses the proper JSTL tag/attribute names.

□ C. <select name='styleId'>
       <c:for var='style' array='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:for>
     </select>

□ D. <select name='styleId'>
       <c:forEach var='style' array='${beerService.styles}'>
         <option value='${style.objectID}'>${style.title}</option>
       </c:for>
     </select>
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10 custom tag development 


When even JSTL is not 



Sometimes JSTL and standard actions aren’t enough.

When you need something custom, and you don’t want to go back to scripting,
you can write your own tag handlers. That way, your page designers can use
your tag in their pages, while all the hard work is done behind the scenes in
your tag handler class. But there are three different ways to build your own tag
handlers, so there’s a lot to learn. Of the three, two were introduced with JSP 2.0
to make your life easier (Simple Tags and Tag Files). But you still have to learn
about Classic tags for that ridiculously rare occasion when neither of the other
two will do what you want. Custom tag development gives you virtually unlimited
power, if you can learn to wield it.


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official Sun exam objectives 



Building a Custom Tag Library

10.1 Describe the semantics of the "Classic" custom
tag event model when each event method
(doStartTag(), doAfterBody(), and doEndTag())
is executed, and explain what the return value
for each event method means; and write a tag
handler class.

10.2 Using the PageContext API, write tag handler
code to access the JSP implicit variables and
access web application attributes.

10.3 Given a scenario, write tag handler code to
access the parent tag and an arbitrary tag
ancestor.

10.4 Describe the semantics of the “Simple” custom
tag event model when the event method
(doTag()) is executed; write a tag handler
class, and explain the constraints on the JSP
content within the tag.

10.5 Describe the semantics of the Tag File model;
describe the web application structure for
tag files; write a tag file; and explain the
constraints on the JSP content in the body of
the tag.


Coverage Notes:

Although objective 10.1 doesn't explicitly
mention the lifecycle methods associated with
BodyTag (doInitBody() and setBodyContent()),
you can expect to see them on the exam!
Everything you need to know related to Classic
tags is covered in this chapter, including things
you might not infer from objective 10.1.

Objective 10.2 (PageContext API) is covered
only very briefly in this chapter, because most of
what you need to know about the PageContext
API has already been covered earlier in the book.
Virtually all of this objective is about using
PageContext to access implicit variables and
scoped attributes, both covered in the "Scriptless
JSP" chapter, although we do provide a one-page
summary again in this chapter.
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custom tag development 


I like the idea of having reusable
chunks, but <jsp:include> and <c:import>
aren't perfect. There's no standard for
directories to put the included files in, the
JSP is hard to read, and the fact that you
make new request parameters to send
something to the included file feels
wrong.


Includes and imports can be messy

Using <jsp:include> or <c:import> lets you add reusable
chunks of content, dynamically, to your pages. And you
can even customize how the included file behaves by
setting new request parameters that the included file
can use.

Sure, it works fine. But should you really have to create
new request parameters just to give the included file some
customizing information?

Aren’t request parameters supposed to represent form
data sent from the client as part of the request? While
there might be good reasons to add or change request
parameters in your app, using them to send something to
the included file isn’t the cleanest approach.

Until JSP 2.0 there wasn't a standard way to deploy
included files; you could put the included pieces just
about anywhere in the web app. And a JSP with a bunch
of <jsp:include> or <c:import> tags isn’t the easiest
thing to read. Wouldn’t it be better if the tag itself told
you something about the thing being included? Wouldn’t
it be nice to say something like:

<x:logoHeader> or <x:navBar>

You know where this is going...
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Tag c iles 


Tag Files: like include, only better

With Tag Files, you can invoke reusable content using a custom tag
instead of the generic <jsp:include> or <c:import>. You can think of Tag
Files as a kind of "tag handler lite", because they let page developers
create custom tags, without having to write a complicated Java tag
handler class, but Tag Files are really just glorified includes.


Simplest way to make and use a Tag File

(1) Take an included file (like "Header.jsp") and
rename it with a .tag extension.

<img src="images/Web-Services.jpg" > <br>

(This is the entire file.)

Header.jsp  --rename-->  Header.tag


(2) Put the tag file ("Header.tag") in a directory
named "tags" inside the "WEB-INF" directory.


(3) Put a taglib directive (with a tagdir attribute) in
the JSP, and invoke the tag.

<%@ taglib prefix="myTags" tagdir="/WEB-INF/tags" %>
<html><body>
<myTags:Header/>
Welcome to our site.
</body></html>

Instead of <jsp:include page="Header.jsp" /> we now have <myTags:Header/>.
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But how do you send it parameters?

When we included a file using <jsp:include>, we used the <jsp:param>
tag inside the <jsp:include> to pass information to the included file. To
refresh your memory on how it works with <jsp:include>:


The old way: An included file that uses a param
(coming from a <jsp:param> in the calling JSP)

<img src="images/Web-Services.jpg" > <br>
<em><strong>${param.subTitle}</strong></em>


The old way: The JSP with the <jsp:include>
and <jsp:param>

<html><body>

<jsp:include page="Header.jsp">
  <jsp:param name="subTitle" value="We take the sting out of SOAP." />
</jsp:include>

<br>

</body></html>


The result

Contact us at likewecare@wickedlysmart.com (this is in the JSP)
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Tag File ittributes 


To a Tag File, you don't send request parameters,
you send tag attributes!

You invoke a Tag File with a tag, and tags can have attributes. So it's only
natural that the Tag File developer might want to invoke the tag with attributes...
attributes that get sent to the Tag File.

Invoking the tag from the JSP

Before (using <jsp:param> to set a request parameter)

<jsp:include page="Header.jsp">
  <jsp:param name="subTitle" value="We take the sting out of SOAP." />
</jsp:include>

After (using a Tag with an attribute)

<myTags:Header subTitle="We take the String out of SOAP" />


Using the attribute in the Tag File

Before (using a request param value)

<em><strong>${param.subTitle}</strong></em>

After (using a Tag File attribute)

<em><strong>${subTitle}</strong></em> <br>


out of scope!

The name/value pair for the <jsp:param> ... looks to the web app as though it came
in with a form submission. ... DON'T like using it—the ... included file ends up visible
to any component in the web app that is a part of the request (such as servlets or JSPs
to which the request is forwarded). ... Tag Files is that they're scoped to ...

<%@ taglib prefix="myTags" tagdir="/WEB-INF/tags" %>
<html><body>
<myTags:Header subTitle="We take the string out of SOAP" />
<br>
${subTitle}
</body></html>

504 chapter 10 



custom rag development 



Aren't tag attributes
declared in the TLD?


With custom tags, including the JSTL, the tag attributes
are defined in the TLD. Remember? This is the TLD
from the custom <my:advice> tag from the last chapter:

<tag>
  <description>random advice</description>
  <name>advice</name>
  <tag-class>foo.AdvisorTagHandler</tag-class>
  <body-content>empty</body-content>
  <attribute>
    <name>user</name>
    <required>true</required>
    <rtexprvalue>true</rtexprvalue>
  </attribute>
</tag>


So, these are the things the developer who is using a tag
needs to know. What's the attribute name? Is it optional
or required? Can it be an expression, or must it be only a
String literal?


But while you do specify custom tag attributes in a TLD, you
do NOT specify tag file attributes in a TLD!

That means we still have a problem—how does the page
developer know what attributes the tag accepts and/or
requires? Turn the page...

attribute directive


Tag Files use the attribute directive


There's a shiny new type of directive, and it's just for Tag
Files. Nothing else can use it. It's just like the <attribute> sub-
element in the <tag> section of the TLD for a custom tag.


Inside the Tag File
(Header.tag)

<%@ attribute name="subTitle" required="true" rtexprvalue="true" %>

<img src="images/Web-Services.jpg" > <br>

<em><strong>${subTitle}</strong></em> <br>

(With rtexprvalue="true", the value can be a String literal OR an expression.)


Inside the JSP that
uses the tag

<%@ taglib prefix="myTags" tagdir="/WEB-INF/tags" %>
<html><body>

<myTags:Header subTitle="We take the String out of SOAP" />

<br>

Contact us at: ${initParam.mainEmail}
</body></html>


What happens if you
do NOT have the
attribute when you
use the tag

<myTags:Header />

The browser (http://localhost:8080/tests/Contact.jsp) shows:

HTTP Status 500

Type: Exception report

Description: The server encountered an internal error () that prevented it from fulfilling this request.

Exception

org.apache.jasper.JasperException: /Contact.jsp(1,61) According
to the TLD or the tag file, attribute subTitle is mandatory for tag
Header

org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:83)

org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher

When an attribute value is really big


Imagine you have a tag attribute that might be as long as, say, a
paragraph. Sticking that in the opening tag could get ugly. So, you can
choose to put content in the body of the tag, and then use that as a kind
of attribute.

This time we'll take the subTitle attribute out of the tag, and instead
make it the body of the <myTags:Header> tag.


Trust me on this.
Sometimes it's good
to have a BODY.


Inside the Tag File
(Header.tag)

(We no longer need the attribute directive.)

<img src="images/Web-Services.jpg" > <br>
<em><strong><jsp:doBody/></strong></em> <br>

(<jsp:doBody/> says, "Take whatever is in the body of the tag used to invoke this
tag file, and stick it here.")


Inside the JSP that
uses the tag

<%@ taglib prefix="myTags" tagdir="/WEB-INF/tags" %>

<html><body>

<myTags:Header>
  We take the sting out of SOAP. OK, so it's not Jini,<br>
  but we'll help you get through it with the least<br>
  frustration and hair loss.
</myTags:Header>

<br>

Contact us at: ${initParam.mainEmail}
</body></html>


But we're back to the same problem we had before—without
a TLD, where do you declare the body-content type?

declaring body-content for a Tag File

The only way to declare body-content type for a Tag File is
with another new Tag File directive, the tag directive. The
tag directive is the Tag File equivalent of the page directive
in a JSP page, and it has a lot of the same attributes plus an
important one you won't find in the page directive: body-content.

For a custom tag, the <body-content> element inside the
<tag> element of a TLD is mandatory! But a Tag File does not
have to declare <body-content> if the default, scriptless, is
acceptable. A value of scriptless means you can't have
scripting elements. And scripting elements, remember, are
scriptlets (<% ... %>), scriptlet expressions (<%= ... %>), and
declarations (<%! ... %>).

In fact, Tag File bodies are never allowed to have scripting,
so it's not an option. But you can declare body-content using
the tag directive with a body-content attribute, if you want one
of the other two options, empty or tagdependent.

You CANNOT use scripting
code in the body of a Tag
File tag!

The body-content of a Tag
File defaults to "scriptless",
so you don't have to declare
body-content unless you
want one of the OTHER
two options: "empty"
(nothing in the tag body) or
"tagdependent" (treats the
body as plain text).


Inside the Tag File with a tag directive
(Header.tag)

<%@ attribute name="fontColor" required="true" %>

<%@ tag body-content="tagdependent" %>

<img src="images/Web-Services.jpg" > <br>
<em><strong><font color="${fontColor}"><jsp:doBody/></font></strong></em> <br>


Inside the JSP that
uses the tag

<%@ taglib prefix="myTags" tagdir="/WEB-INF/tags" %>

<html><body>

<myTags:Header fontColor="#660099">
  We take the sting out of SOAP. OK, so it's not Jini,<br>
  but we'll help you get through it with the least<br>
  frustration and hair loss.
</myTags:Header>

<br>

Contact us at: ${initParam.mainEmail}

</body></html>


Tag File locations


Where the Container looks for Tag Files


The Container searches for tag files in four locations. A tag file
MUST have a TLD if it's deployed in a JAR, but if it's put directly
into the web app (in "WEB-INF/tags" or a sub-directory), it does
not need a TLD.


(1) Directly inside WEB-INF/tags

(2) Inside a sub-directory of
WEB-INF/tags

(3) Inside the META-INF/tags
directory inside a JAR file
that's inside WEB-INF/lib

(4) Inside a sub-directory of
META-INF/tags inside a JAR
file that's inside WEB-INF/lib


If the tag file is deployed in
a JAR, there MUST be a TLD
for the tag file.


[Figure: directory tree of the MyTestApp web app under webapps, showing WEB-INF, META-INF, useTag.jsp, classes, AdvisorTagHandler.class, the myTags and moreTags directories, catalogTags.tld, and the tag files Header.tag, NavBar.tag, CatalogHead.tag and Footer.tag.]

tag file


Dumb Questions


Q: Does the Tag File have access to the request and
response implicit objects?


A: Yes! Remember, even though it's a .tag file, it's
gonna end up as part of a JSP. You can use the implicit
request and response objects (if you do scripting... the
normal EL implicit objects are always there as well), and you
have access to a JspContext as well.

You don't have a ServletContext, though—a Tag File uses a
JspContext instead of a ServletContext.


Q: I thought on the opposite page you just said we
could not do scripting in a Tag File!


A: No, that's not exactly what we said. You can do
scripting in a Tag File, but you can't do scripting inside the
body of the tag used to invoke the Tag File.


Q: Can you combine Tag Files and TLDs for custom
tags in the same directory?


A: Yes. In fact, if you make a TLD that references your
Tag Files, the Container will consider both Tag Files and
custom tags mentioned in the same TLD as belonging to the
same library.


Q: Hold on—I thought you said Tag Files didn't
have a TLD? Isn't that why you have to use an attribute
directive? Since you can't declare the attribute in a TLD?


A: Trick question. If you deploy your Tag Files in a JAR,
they MUST have a TLD that describes their location. But it
doesn't describe attribute, body content, etc. The
TLD entries for a Tag File describe only the location of the
actual Tag File.

The TLD for a Tag File looks like this:

<taglib ...>
  <tlib-version>1.0</tlib-version>
  <uri>myTagLibrary</uri>
  <tag-file>
    <name>Header</name>
    <path>/META-INF/tags/Header.tag</path>
  </tag-file>
</taglib>

Notice that declaring a <tag-file> is quite different from
declaring an actual <tag>.


Q: Why did they do it this way? Wouldn't it be so
much simpler to just have custom tags and Tag Files
declared the same way in a TLD? But NO... instead they
had to come up with this whole other thing where you
have to use new directives for defining the attributes
and body-content. So, why are tags and Tag Files done
differently?


A: On one hand, yes, it would have been simpler
if custom tags and Tag Files were declared in the same
way, using a TLD. The question is, simpler for whom? For a
custom tag developer, sure. But Tag Files were added to the
spec with someone else in mind—page designers.

Tag Files give non-Java developers a way to build custom
tags without writing a Java class to handle the tag's
functionality. And not having to build a TLD for the
Tag File just makes life easier for the Tag File developer.
(Remember, Tag Files do need a TLD if the Tag File is
deployed in the JAR, but a non-Java programmer might not
be using JARs anyway.)

The bottom line: custom tags must have a TLD, but Tag Files
can declare attributes and body-content directly inside the
Tag File, and need TLDs only if the Tag File is in a JAR.

Sharpen your pencil


Memorizing Tag Files

Before we move on to a new topic, make sure
you can write one yourself (answers are at the
end of the chapter).


(1) Fill in what you must put into a Tag File to declare that the Tag has one required
attribute, named "title", that can use an EL expression as the value of the attribute.

<%@


%>

(2) Fill in what you must put into a Tag File to declare that the Tag must NOT have a body.

<%@


%>

(3) Draw a Tag File document in each of the locations
where the Container will look for Tag Files.

[Figure: blank directory tree for the MyTestApp web app and its WEB-INF directory.]

custom tag handlers


When you need more than Tag Files...
Sometimes you need Java

Tag Files are fine when you're doing an include, when all
you need to handle the tag you can do from another JSP
(renamed with a .tag extension and with the appropriate
directives added). But sometimes you need more. Sometimes
you need good old Java code, and you don't want to do it
from scriptlets, since that's what you're trying to prevent by
using tags.

When you need Java, you need a custom tag handler. A tag
handler, as opposed to a tag file, is simply a Java class that does
the work of the tag. It's a little like an EL function, except
much more powerful and flexible. Where EL functions are
nothing more than static methods, a tag handler class has
access to tag attributes, the tag body, and even the page
context so it can get scoped attributes and the request and
response.

Custom tag handlers come in two flavors: Classic and Simple.
Classic tags were all you had in the previous version of JSP,
but with JSP 2.0, a new and much simpler model was added.

You'll have a hard time coming up with reasons to use the
classic model when you need a custom tag handler, because
the simple model (especially combined with JSTL and tag
files) can handle nearly anything you'd want to do. But we
can't dump the classic model for two reasons, and these two
reasons are why you still have to learn it for the exam:

1) Like scripting, Classic tag handlers are out there, and you
might need to read and support them, even if you never
create one yourself.

2) There are those rare scenarios for which a classic tag
handler is the best choice. This is pretty obscure, though. So
point #1 is by far the most important reason to learn about
Classic tags.

We'll start with the Simple tag model first, to get warmed up.


Tag files implement the tag
functionality with another
page (using JSP).


Tag handlers implement the
tag functionality with a
special Java class.


Tag handlers come in two
flavors: Simple and Classic.

Making a Simple tag handler

For the simplest of Simple tags, the process is... simple.

(1) Write a class that extends SimpleTagSupport

package foo;

import javax.servlet.jsp.tagext.SimpleTagSupport;
// more imports needed

public class SimpleTagTest1 extends SimpleTagSupport {
    // tag handler code here
}

(2) Override the doTag() method

// doTag() declares IOException, so the print needs no try/catch
public void doTag() throws JspException, IOException {
    getJspContext().getOut().print("This is the lamest use of a custom tag");
}

(3) Create a TLD for the tag

<taglib ...>
  <tlib-version>1.2</tlib-version>
  <uri>simpleTags</uri>
  <tag>
    <description>worst use of a custom tag</description>
    <name>simple1</name>
    <tag-class>foo.SimpleTagTest1</tag-class>
    <body-content>empty</body-content>
  </tag>
</taglib>

(4) Deploy the tag handler and TLD

Put the TLD in WEB-INF, and put the tag handler inside
WEB-INF/classes, using the package directory structure,
of course. In other words, tag handler classes go in the
same place all other web app Java classes go.

[Figure: deployment layout showing useTag.jsp, WEB-INF and SimpleTagTest1.class.]

(5) Write a JSP that uses the tag

<%@ taglib prefix="myTags" uri="simpleTags" %>

<html><body>

<myTags:simple1/>

</body></html>

getJspBody().invoke


A Simple tag with a body

If the tag needs a body, the TLD <body-content> needs to reflect that,
and you need a special statement in the doTag() method.


The JSP that uses the tag

<%@ taglib prefix="myTags" uri="simpleTags" %>
<html><body>

Simple Tag 2:

<myTags:simple2>
  This is the body
</myTags:simple2>

</body></html>


The tag handler class

package foo;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import java.io.IOException;

public class SimpleTagTest2 extends SimpleTagSupport {

    public void doTag() throws JspException, IOException {
        // Process the body of the tag and print it to the response.
        // The null argument sends the output to the response rather than
        // to some other Writer you pass in.
        getJspBody().invoke(null);
    }
}


The TLD for the tag

<?xml version="1.0" encoding="ISO-8859-1" ?>

<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">

  <tlib-version>1.2</tlib-version>
  <uri>simpleTags</uri>
  <tag>
    <description>marginally better use of a custom tag</description>
    <name>simple2</name>
    <tag-class>foo.SimpleTagTest2</tag-class>
    <body-content>scriptless</body-content>
  </tag>
</taglib>

The Simple tag API

A Simple tag handler must implement the SimpleTag interface. The
easiest way to do that is to extend SimpleTagSupport and override just
the method you need, doTag(). You don't have to use SimpleTagSupport,
but we reckon W.'J'rfltWI“» of simple tag developers do.


JspTag interface
(javax.servlet.jsp.tagext.JspTag)

<<interface>>
JspTag
    // no methods, this interface is for
    // organization and polymorphism


SimpleTag interface
(javax.servlet.jsp.tagext.SimpleTag)

<<interface>>
SimpleTag
    void doTag()
    JspTag getParent()
    void setJspBody(JspFragment)
    void setJspContext(JspContext)
    void setParent(JspTag parent)

(These are the methods called when the tag is invoked.
Can you guess the order in which these methods are called?)


SimpleTagSupport
(javax.servlet.jsp.tagext.SimpleTagSupport)

SimpleTagSupport
    void doTag()
    JspTag findAncestorWithClass(JspTag, Class)
    JspFragment getJspBody()
    JspContext getJspContext()
    JspTag getParent()
    void setJspBody(JspFragment)
    void setJspContext(JspContext)
    void setParent(JspTag parent)

(It also adds three more convenience methods.)

Simple tag handler lifecycle


The life of a Simple tag handler

When a JSP invokes a tag, a new instance of the tag handler class is
instantiated, two or more methods are called on the handler, and when
the doTag() method completes, the handler object goes away. In other
words, these handler objects are not reused.


[Figure: sequence diagram showing the Web Container, the SimpleTag class (SimpleHandler.class) and the Tag Handler Object.]

1. Load class.

2. Instantiate class (no-arg constructor runs).

3. Call the setJspContext(JspContext) method.
   (This gives the handler a ...)

4. If the tag is nested (invoked from within another
   tag), call the setParent(JspTag) method.
   (A nested tag can communicate with the other tags in which it's nested.)

5. If the tag has attributes, call attribute setters.
   (You will write THESE in your class. If the tag is invoked with
   attributes, the setter for each attribute is called, using JavaBean
   naming. There's a special exception to this that we'll see later.)

6. If the tag is NOT declared to have a <body-content>
   of empty, AND the tag has a body, call
   the setJspBody(JspFragment) method.
   (The body comes in through this method, as an instance of JspFragment.)

7. Call the doTag() method.
   (You will ALWAYS override this. Now we're finally ready to DO
   what the tag is meant to do!)

BE the Container

Look at each of the TLD/JSP pairs.
Assume that the tag handler prints the
body of the tag. Then answer the
following questions about each
one... what's the result? If it
works, what prints out? Which
methods in the custom tag class
are invoked?


(1)
<tag>
  <description></description>
  <name>simple</name>
  <tag-class>foo.SimpleTagTest</tag-class>
  <body-content>empty</body-content>
</tag>

Simple Tag:
<myTags:simple>
  This is the body of the tag
</myTags:simple>

What do you see in the browser?


If it works, which SimpleTag lifecycle methods are called in the handler?

[ ] void doTag()   [ ] JspTag getParent()   [ ] void setJspBody()   [ ] void setJspContext()   [ ] void setParent()


(2)
<tag>
  <description></description>
  <name>simple</name>
  <tag-class>foo.SimpleTagTest</tag-class>
  <body-content>scriptless</body-content>
</tag>

Simple Tag:
<myTags:simple>
  ${2*3}
</myTags:simple>

What do you see in the browser?


If it works, which SimpleTag lifecycle methods are called in the handler?

[ ] void doTag()   [ ] JspTag getParent()   [ ] void setJspBody()   [ ] void setJspContext()   [ ] void setParent()

BE the Container

Answers


(1)
<tag>
  <description></description>
  <name>simple</name>
  <tag-class>foo.SimpleTagTest</tag-class>
  <body-content>empty</body-content>
</tag>

Simple Tag:
<myTags:simple>
  This is the body of the tag
</myTags:simple>

What do you see in the browser?

It doesn't work, because it is supposed to have an empty body:

org.apache.jasper.JasperException: /simpleTag1.jsp(1,75)
According to TLD, tag myTags:simple must be empty, but is not

If it works, which SimpleTag lifecycle methods are called in the handler?

None, because it
doesn't work.

[ ] void doTag()   [ ] JspTag getParent()   [ ] void setJspBody()   [ ] void setJspContext()   [ ] void setParent()


(2)
<tag>
  <description></description>
  <name>simple</name>
  <tag-class>foo.SimpleTagTest</tag-class>
  <body-content>scriptless</body-content>
</tag>

Simple Tag:
<myTags:simple>
  ${2*3}
</myTags:simple>

What do you see in the browser?

[Figure: browser screenshot of the result.]

If it works, which SimpleTag lifecycle methods are called in the handler?

(Since the tag is not invoked from within another tag, setParent() is NOT called.)

[x] void doTag()   [ ] JspTag getParent()   [x] void setJspBody()   [x] void setJspContext()   [ ] void setParent()
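An added example, not from the book: a handler that records each call the Container makes on it, so the lifecycle order and the BE the Container answers above can be checked on a running container. The class name LifecycleTraceTag and the optional label attribute are assumptions; the tag needs its own TLD entry with a <body-content> of scriptless and an <attribute> named label.

```java
package foo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.jsp.JspContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.JspFragment;
import javax.servlet.jsp.tagext.JspTag;
import javax.servlet.jsp.tagext.SimpleTagSupport;

// Hypothetical diagnostic handler (not the book's code): each lifecycle
// method appends its name to a list, and doTag() prints the list.
public class LifecycleTraceTag extends SimpleTagSupport {

    // Simple tag handlers are never reused, so every invocation
    // starts with a new object and therefore an empty list.
    private final List<String> calls = new ArrayList<String>();

    public LifecycleTraceTag() {
        calls.add("constructor");
    }

    @Override
    public void setJspContext(JspContext pc) {
        super.setJspContext(pc);       // keep SimpleTagSupport's bookkeeping intact
        calls.add("setJspContext");
    }

    @Override
    public void setParent(JspTag parent) {
        // Reached only when this tag is nested inside another tag.
        super.setParent(parent);
        calls.add("setParent");
    }

    // Bean-style setter for the hypothetical "label" attribute. The value is
    // deliberately not echoed: it may come from an EL expression over request data.
    public void setLabel(String label) {
        calls.add("setLabel");
    }

    @Override
    public void setJspBody(JspFragment body) {
        // Reached only when the invocation actually has a body.
        super.setJspBody(body);
        calls.add("setJspBody");
    }

    @Override
    public void doTag() throws JspException, IOException {
        calls.add("doTag");
        getJspContext().getOut().print("Container calls: " + calls + "<br>");
        JspFragment body = getJspBody();
        if (body != null) {            // null when the tag was invoked without a body
            body.invoke(null);         // null Writer: body output goes to the response
        }
    }
}
```

Invoke it once with a body and once nested inside another simple tag to see setJspBody and setParent appear only in the cases the lifecycle list describes.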
What if the tag body uses an expression?

Imagine you have a tag with a body that uses an EL expression for an attribute. Now
imagine that the attribute doesn't exist at the time you invoke the tag! In other words, the
tag body depends on the tag handler to set the attribute. The example doesn't do anything
very useful, but it's here to show you how it works in preparation for a bigger example.


The JSP tag invocation

<myTags:simple3>
  Message is: ${message}
</myTags:simple3>


The tag handler doTag() method

public void doTag() throws JspException, IOException {
    // the tag handler sets the attribute...
    getJspContext().setAttribute("message", "Wear sunscreen.");
    // ...and THEN invokes the body
    getJspBody().invoke(null);
}


Sharpen your pencil


Imagine you have a tag that looks like this:

<table>
<myTags:simple4>
  <tr><td>${movie}</td></tr>
</myTags:simple4>
</table>

Imagine that the tag handler has access to an
array of String movie names, and you want to
print one row for each movie name in the array.
In the browser, you'll see something like:

Monsoon Wedding
Saved!
Fahrenheit 9/11


Write the tag handler doTag()
method to support that goal.

public void doTag() throws JspException, IOException {


}

iterating the body


A tag with dynamic row data: iterating the body

In this example, the EL expression in the body of the tag represents a single value in
a collection, and the goal is to have the tag generate one row for each element in the
collection. It's simple: the doTag() method simply does the work in a loop, invoking
the body on each iteration of the loop.


The JSP tag invocation

<table>
<myTags:simple4>
  <tr><td>${movie}</td></tr>
</myTags:simple4>
</table>


The tag handler doTag() method

String[] movies = {"Monsoon Wedding", "Saved!", "Fahrenheit 9/11"};

public void doTag() throws JspException, IOException {
    for (int i = 0; i < movies.length; i++) {
        // set the attribute value to the next element in the array
        getJspContext().setAttribute("movie", movies[i]);
        // invoke the body again
        getJspBody().invoke(null);
    }
}

Each loop of the tag handler resets the "movie" attribute value and calls
getJspBody().invoke().

A Simple tag with an attribute

If the tag needs an attribute, you declare it in the TLD, and provide
a bean-style setter method in the tag handler class for each attribute.
If the tag invocation includes attributes, the Container invokes a
setter method for each attribute.


The JSP tag invocation

<table>
<myTags:simple5 movieList="${movieCollection}">
  <tr>
    <td>${movie.name}</td>
    <td>${movie.genre}</td>
  </tr>
</myTags:simple5>
</table>


The tag handler class

package foo;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

public class SimpleTagTest5 extends SimpleTagSupport {

    private List movieList;

    // bean-style setter for the movieList attribute declared in the TLD
    public void setMovieList(List movieList) {
        this.movieList = movieList;
    }

    public void doTag() throws JspException, IOException {
        Iterator i = movieList.iterator();
        while (i.hasNext()) {
            Movie movie = (Movie) i.next();
            getJspContext().setAttribute("movie", movie);
            getJspBody().invoke(null);
        }
    }
}


The TLD for the tag

<tag>
  <description>takes an attribute and iterates over body</description>
  <name>simple5</name>
  <tag-class>foo.SimpleTagTest5</tag-class>
  <body-content>scriptless</body-content>
  <attribute>
    <name>movieList</name>
    <required>true</required>
    <rtexprvalue>true</rtexprvalue>
  </attribute>
</tag>

a JspFragment


What exactly IS a JspFragment?


A JspFragment is an object that represents JSP code. Its sole
purpose in life is to be invoked. In other words, it's something
that's meant to run and generate output. The body of a tag that
invokes a simple tag handler is encapsulated in the JspFragment
object, then sent to the tag handler in the setJspBody() method.

The crucial thing you must remember about JspFragment is that it
must NOT contain any scripting elements! It can contain template
text, standard and custom actions, and EL expressions, but no
scriptlets, declarations, or scripting expressions.

One cool thing is that since it's an object, you can even pass the
fragment around to other helper objects. And those objects, in
turn, can get information from it by invoking the JspFragment's
other method, getJspContext(). And of course once you've got a
context, you can ask for attributes. So the getJspContext() method
is really a way for the tag body to get information to other objects.

Most of the time, though, you'll use JspFragment simply to output
the body of the tag to the response. You might, however, want
to get access to the contents of the body. Notice that JspFragment
doesn't have an access method like getContents() or getBody().

You can write the body to something, but you can't directly get the
body. If you do want access to the body, you can use the argument
to the invoke() method to pass in a java.io.Writer, then use
methods on that Writer to process the contents of the tag body.

For the exam, and real life, this is probably all you'll ever need
to know about the details of JspFragment, so we won't spend any
more time on it in this book.

(The invoke() method takes a Writer if you want access to the contents of
the body in some way.)
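An added example, not from the book, of passing a java.io.Writer to invoke() as described above: the handler captures the evaluated body in a StringWriter, then truncates and HTML-escapes it before writing it to the response. The class name CaptureBodyTag, the maxLength attribute and the escapeHtml helper are assumptions.

```java
package foo;

import java.io.IOException;
import java.io.StringWriter;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.JspFragment;
import javax.servlet.jsp.tagext.SimpleTagSupport;

// Hypothetical handler (not the book's code). EL in a tag body, such as
// ${param.comment}, is written to the response unescaped by invoke(null);
// capturing the body first lets the handler encode it.
public class CaptureBodyTag extends SimpleTagSupport {

    // Hypothetical optional attribute; it needs an <attribute> entry in the TLD.
    private int maxLength = 200;

    public void setMaxLength(int maxLength) {
        this.maxLength = maxLength;
    }

    @Override
    public void doTag() throws JspException, IOException {
        JspFragment body = getJspBody();
        if (body == null) {
            return;                        // invoked without a body: nothing to capture
        }

        // The fragment is evaluated now (EL and nested actions run), but the
        // output lands in our Writer instead of the response.
        StringWriter captured = new StringWriter();
        body.invoke(captured);

        String text = captured.toString().trim();
        if (maxLength >= 0 && text.length() > maxLength) {
            // Truncate BEFORE escaping so an entity such as &amp; is never cut in half.
            text = text.substring(0, maxLength) + "...";
        }
        getJspContext().getOut().print(escapeHtml(text));
    }

    // Minimal HTML encoder for text placed in element content or quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}
```

Because the whole captured body is escaped, any template markup in the body (a <br>, for instance) is shown as text too; use a handler like this only for tags whose body is meant to be displayed as plain text.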


SkipPageException: stops processing the page...

Imagine you're in a page that invokes the tag, and the tag depends on specific request
attributes (that it gets from the JspContext available to the tag handler).

Now imagine the tag can't find the attributes it needs, and that the tag knows the rest
of the page will never work if the tag can't succeed. What do you do? You could have
the tag throw a JspException, and that would kill the page... but what if it's only the
rest of the page that won't work? In other words, what if you still want the first part of
the page (the part of the page that's evaluated before the tag invocation) to still appear
as the response, but you don't want the response to include anything still left to be
processed after the tag throws an exception?

No problem. That's exactly why SkipPageException exists.


The tag handler doTag() method

public void doTag() throws JspException, IOException {
    getJspContext().getOut().print("Message from within doTag().<br>");
    getJspContext().getOut().print("About to throw a SkipPageException");
    if (thingsDontWork) {
        throw new SkipPageException();
    }
}

The JSP that invokes the tag

<%@ taglib prefix="myTags" uri="simpleTags" %>

<html><body>

About to invoke a tag that throws SkipPageException <br>

<myTags:simple6/>

<br>Back in the page after invoking the tag.
</body></html>


Sharpen your pencil

What is the result if the thingsDontWork test is true?
Fill in what you'll see in the browser:

the SkipPageException


SkipPageException shows everything
up to the point of the exception

Everything in the doTag() method up to the point of the SkipPageException
still shows up in the response. But after the exception, anything still left in
either the tag or the page won't be evaluated.


In the JSP

<%@ taglib prefix="myTags" uri="simpleTags" %>
<html><body>

About to invoke a tag that throws SkipPageException <br>

<myTags:simple6/>

<br>Back in the page after invoking the tag.      (This doesn't print out!)

</body></html>


In the browser (http://localhost:8080/tests/badTag.jsp)

About to invoke a tag that throws SkipPageException
Message from within doTag().
About to throw a SkipPageException


In the tag handler

public void doTag() throws JspException, IOException {
    getJspContext().getOut().print("Message from within doTag().<br>");
    getJspContext().getOut().print("About to throw a SkipPageException");
    if (thingsDontWork) {
        throw new SkipPageException();
    }
}


But what happens when the tag is
invoked from an included page?


Look at the code below and figure out what prints when you
bring up PageA.

Hint: look in the API for javax.servlet.jsp.SkipPageException.
Fill in what you'll see in the browser:

[Figure: empty browser window at http://localhost:8080/tests/PageA.jsp]


PageA JSP that includes PageB

<html><body>

This is page (A) that includes another page (B). <br>

Doing the include now:<br>

<jsp:include page="badTagInclude.jsp" />

<br>Back in page A after the include...

</body></html>

PageB (the included file) JSP that invokes the bad tag

<%@ taglib prefix="myTags" uri="simpleTags" %>

This is page B that invokes the tag that throws SkipPageException.
Invoking the tag now:<br>

<myTags:simple6/>

<br>Still in page B after the tag invocation...

The tag handler doTag() method

public void doTag() throws JspException, IOException {
    getJspContext().getOut().print("Message from within doTag().<br>");
    getJspContext().getOut().print("About to throw a SkipPageException");
    throw new SkipPageException();
}

SkipPageException behavior


SkipPageException stops only the page
that directly invoked the tag

If the page that invokes the tag was included from some other page, only the page
that invokes the tag stops processing! The original page that did the include keeps
going after the SkipPageException.


In the browser (http://localhost:8080/tests/PageA.jsp)

This is page (A) that includes another page (B).
Doing the include now:

This is page B that invokes the tag that throws
SkipPageException. Invoking the tag now:

Message from within doTag().

About to throw a SkipPageException

Back in page A after the include...


PageA JSP that includes PageB

<html><body>

This is page (A) that includes another page (B).<br>
Doing the include now:<br>

<jsp:include page="badTagInclude.jsp" />

<br>Back in page A after the include...

</body></html>

PageB (the included file) JSP that invokes the bad tag

<%@ taglib prefix="myTags" uri="simpleTags" %>

This is page B that invokes the tag that throws SkipPageException.
Invoking the tag now:<br>

<myTags:simple6/>

<br>Still in page B after the tag invocation...


The tag handler doTag() method

public void doTag() throws JspException, IOException {
    getJspContext().getOut().print("Message from within doTag().<br>");
    getJspContext().getOut().print("About to throw a SkipPageException");
    // only page B stops here; page A keeps going
    throw new SkipPageException();
}


There are no Dumb Questions

Q: What happens to a SimpleTag handler after it completes doTag()? Does the Container keep it around and reuse it?

A: No. SimpleTag handlers are never reused! Each tag handler instance takes care of a single invocation. So you never have to worry, for example, that instance variables in a SimpleTag handler won't have the correct initial values. A SimpleTag handler object will always be initialized before any of its methods are called.

Q: Do the attribute methods in a SimpleTag handler have to be of a type that can be automatically converted to and from a String? In other words, are you stuck with just primitives and String values?

A: Weren't you paying attention a few pages back? The attribute we sent to the SimpleTag handler was an ArrayList of movies. So that would be "no", to answer your question. But... if the attribute (which you can think of as a property if you think of the SimpleTag handler as a bean) is NOT a String or primitive, then the <rtexprvalue> value in the TLD had better be set to true. Because that's the only way you can set an attribute value for something that can't be expressed as a String in the tag. In other words, you can't send a Dog into the tag if you're forced to represent the Dog as a String literal. But if you can use an expression for the value of the attribute, then that expression can evaluate to whatever object type you need to match the argument to the handler's corresponding setter method.

Q: In a SimpleTag handler, if the tag is declared to have a body but it is invoked using an empty tag (since there's no way to say that a body is required), is the setJspBody() still invoked?

A: No! The setJspBody() is invoked ONLY if these two things are true:

1) The tag is NOT declared in the TLD to have an empty body.

2) The tag is invoked with a body.

That means that even if the tag is declared to have a non-empty body, the setJspBody() method will not be called if the tag is invoked in either of these two ways:

<foo:bar/> (empty tag)
<foo:bar></foo:bar> (no body).

Simple Tag bullet points


BULLET POINTS

■ Tag Files implement tag functionality using a page, while tag handlers implement tag functionality using a Java tag handler class.

■ Tag handlers come in two types: Classic and Simple (Simple tags and Tag Files were added in JSP 2.0).

■ To make a Simple tag handler, extend SimpleTagSupport (which implements the SimpleTag interface).

■ To deploy a Simple tag handler, you must create a TLD that describes the tag using the same <tag> element used by JSTL and other custom tag libraries.

■ To use a Simple tag with a body, make sure the TLD <tag> for this tag does not declare <body-content> empty. Then call getJspBody().invoke() to cause the body to be processed.

■ The SimpleTagSupport class includes implementation methods for everything in the SimpleTag interface, plus three convenience methods including getJspBody(), which you can use to get access to the contents of the body of the tag.

■ The Simple tag lifecycle: Simple tags are never reused by the Container, so each time a tag is invoked, the tag handler is instantiated, and its setJspContext() method is invoked. If the tag is called from within another tag, the setParent() method is called. If the tag is invoked with attributes, a bean-style setter method is invoked for each attribute. If the tag is invoked with a body (assuming its TLD does NOT declare it to have an empty body), the setJspBody() method is invoked. Finally, the doTag() method is invoked, and when it completes, the tag handler instance is destroyed.

■ The setJspBody() method will be invoked ONLY if the tag is actually called with a body. If the tag is invoked without a body, either with an empty tag <my:tag/> or with nothing between the opening and closing tags <my:tag></my:tag>, the setJspBody() method will NOT be called. Remember, if the tag has a body, the TLD must reflect that, and the <body-content> must not have a value of "empty".

■ The Simple tag's doTag() method can set an attribute used by the body of the tag, by calling getJspContext().setAttribute() followed by getJspBody().invoke().

■ The doTag() method declares a JspException and an IOException, so you can write to the JspWriter without wrapping it in a try/catch.

■ You can iterate over the body of a Simple tag by invoking the body (getJspBody().invoke()) in a loop.

■ If the tag has an attribute, declare the attribute in the TLD using an <attribute> element, and provide a bean-style setter method in the tag handler class. When the tag is invoked, the setter method will be called before doTag().

■ The getJspBody() method returns a JspFragment, which has two methods: invoke(java.io.Writer) and getJspContext(), that returns a JspContext the tag handler can use to get access to the PageContext API (to get access to implicit variables and scoped attributes).

■ Passing null to invoke() writes the evaluated body to the response output, but you can pass another Writer in if you want direct access to the body contents.

■ Throw a SkipPageException if you want the current page to stop processing. If the page that invoked the tag was included from another page, the including page keeps going even though the included page stops processing from the moment the exception is thrown.


It's just wonderful that JSP spec designers gave us Simple Tags and Tag Files, but, um, they waited until AFTER my company wrote about 10 million custom tags using the Classic model...

You still have to know about
Classic tag handlers

You might get lucky. Maybe the place you work is starting out with JSP 2.0, and can use Tag Files and Simple tag handlers from the start.

That could happen.

But it probably won't. Chances are, you're working (or will work in the future) somewhere that's been using JSPs since the pre-2.0 days, using the Classic tag model for writing custom tag handlers.

You probably need to at least be able to read the source code for a Classic tag handler. You might be called on to maintain or refactor a Classic tag handler class.

But even if you don't ever have to read or write a Classic tag handler, they're still covered (very lightly) by one of the exam objectives. Be grateful: on the previous version of the exam you might have seen at least seven or eight Classic tag handler questions on the exam. Today, exam candidates will see only a couple of questions on Classic tag handlers.

Tag API


Tag handler API

Everything in a grey box is from the original (Classic) tag model for custom tag handlers.

JspTag interface
    «interface» JspTag
    // no methods, this interface is for
    // organization and polymorphism

SimpleTag interface
    «interface» SimpleTag
    void doTag()
    JspTag getParent()
    void setJspBody(JspFragment)
    void setJspContext(JspContext)
    void setParent(JspTag)

Tag interface
    «interface» Tag
    int doEndTag()
    Tag getParent()
    int doStartTag()
    void setPageContext(PageContext)
    void setParent(Tag)
    void release()

SimpleTagSupport class
    SimpleTagSupport
    void doTag()
    JspTag findAncestorWithClass(JspTag, Class)
    JspFragment getJspBody()
    JspContext getJspContext()
    JspTag getParent()
    void setJspBody(JspFragment)
    void setJspContext(JspContext)
    void setParent(JspTag)

IterationTag interface
    «interface» IterationTag
    int doAfterBody()

BodyTag interface
    «interface» BodyTag
    void doInitBody()
    void setBodyContent(BodyContent)

TagSupport class
    TagSupport
    int doAfterBody()
    int doStartTag()
    int doEndTag()
    void setPageContext(PageContext)
    // more methods

BodyTagSupport class
    BodyTagSupport
    int doStartTag()
    BodyContent getBodyContent()
    void doInitBody()
    void setBodyContent(BodyContent)
    // more methods

The tag handler API has five interfaces and three support classes.

There's virtually NO reason to implement the interfaces directly, so you'll probably always extend a support class.


A very small Classic tag handler

This example is so basic that it's not much different from a Simple tag handler's doTag() method. In fact, the differences won't become painful until you try to process a tag with a body (but you'll just have to wait for that).

A JSP that invokes a Classic tag

<%@ taglib prefix="mine" uri="KathyClassicTags" %>
<html><body>
Classic Tag One:<br>
<mine:classicOne />
</body></html>

The TLD <tag> element for the Classic tag

<tag>
    <description>ludicrous use of a Classic tag</description>
    <name>classicOne</name>
    <tag-class>foo.Classic1</tag-class>
    <body-content>empty</body-content>
</tag>

The Classic tag handler

package foo;

import javax.servlet.jsp.*;
import javax.servlet.jsp.tagext.*;
import java.io.*;

public class Classic1 extends TagSupport {

    public int doStartTag() throws JspException {
        JspWriter out = pageContext.getOut();
        try {
            out.println("classic tag output");
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        // We have to return an int to tell the Container what to do next.
        // Much more on this coming up.
        return SKIP_BODY;
    }
}

Classic tag


A Classic tag handler with TWO methods

This example overrides both the doStartTag() and doEndTag() methods, although it could accomplish the same output all within doStartTag(). The point of doEndTag() is that it's called after the body is evaluated. We don't show the TLD here, because it's almost identical to the previous one, except for some of the names. The tag is declared to have no attributes, and an empty body.

A JSP that invokes a Classic tag

<%@ taglib prefix="mine" uri="KathyClassicTags" %>
<html><body>
Classic Tag Two:<br>
<mine:classicTwo />
</body></html>

The Classic tag handler

public class Classic2 extends TagSupport {
    JspWriter out;

    public int doStartTag() throws JspException {
        out = pageContext.getOut();
        try {
            out.println("in doStartTag()");
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        return SKIP_BODY;
    }

    public int doEndTag() throws JspException {
        try {
            out.println("in doEndTag()");
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        return EVAL_PAGE;
    }
}

Browser output:

Classic Tag Two:
in doStartTag() in doEndTag()


When a tag has a body: comparing Simple vs. Classic

Now it starts to look different from a Simple tag. Remember, SimpleTag bodies are evaluated when (and if) you want by calling invoke() on the JspFragment that encapsulates the body. But in Classic tags, the body is evaluated in between the doStartTag() and doEndTag() methods! Both of the examples below have the exact same behavior.

The JSP that uses the tag

<%@ taglib prefix="myTags" uri="myTags" %>
<html><body>
<myTags:simpleBody>
This is the body
</myTags:simpleBody>
</body></html>

A Simple Tag handler class

// package and imports

public class SimpleTagTest extends SimpleTagSupport {

    public void doTag() throws JspException, IOException {
        getJspContext().getOut().print("Before body.");
        getJspBody().invoke(null);   // This causes the body to be evaluated
        getJspContext().getOut().print("After body.");
    }
}

A Classic tag handler that does the same thing

// package and imports

public class ClassicTest extends TagSupport {

    JspWriter out;

    public int doStartTag() throws JspException {
        out = pageContext.getOut();
        try {
            out.println("Before body.");
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        return EVAL_BODY_INCLUDE;   // THIS is what causes the body to be
                                    // evaluated in a Classic tag handler!
    }

    public int doEndTag() throws JspException {
        try {
            out.println("After body.");
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        return EVAL_PAGE;
    }
}

iterating with Classic tags



Simple tag

// package and imports

public class SimpleTagTest extends SimpleTagSupport {
    public void doTag() throws JspException, IOException {
        for (int i = 0; i < 3; i++) {
            getJspBody().invoke(null);
        }
    }
}

Classic tag

// package and imports

public class ClassicTest extends TagSupport {

    public int doStartTag() throws JspException {
        return EVAL_BODY_INCLUDE;
    }

    public int doEndTag() throws JspException {
        return EVAL_PAGE;
    }
}


Classic tags have a different lifecycle

Simple tags are simple: it's all about doTag(). But with Classic tags, there's a doStartTag() and a doEndTag(). And that brings up an interesting problem: when and how is the body evaluated? There's no doBody() method, but there is a doAfterBody() method that's called after the body is evaluated and before the doEndTag() runs.

What the Container does with the Classic tag handler class and object:

Load class (ClassicHandler.class).

Instantiate class (no-arg constructor runs).

Call the setPageContext(PageContext) method. This gives the handler a reference to a PageContext.

If the tag is nested (invoked from within another tag), call the setParent(Tag) method. A nested tag can communicate with the other tags in which it's nested.

If the tag has attributes, call attribute setters.

Call the doStartTag() method.

If the tag is NOT declared to have an empty body, AND the tag is NOT invoked with an empty body, AND the doStartTag() method returns EVAL_BODY_INCLUDE, the body is evaluated.

If the body content was evaluated, call doAfterBody() method.

Call the doEndTag() method.

Classic tag lifecycle


The Classic lifecycle depends on return values

The doStartTag() and doEndTag() methods return an int. That int tells the Container what to do next. With doStartTag(), the question the Container asks is, "Should I evaluate the body?" (assuming there is one, and assuming the TLD doesn't declare the body as empty).

With doEndTag(), the Container asks, "Should I keep evaluating the rest of the calling page?" The return values are represented by constants declared in the Tag and IterationTag interfaces.

Possible return values when you extend TagSupport

doStartTag()     SKIP_BODY    EVAL_BODY_INCLUDE
doAfterBody()    SKIP_BODY    EVAL_BODY_AGAIN
doEndTag()       SKIP_PAGE    EVAL_PAGE

The constants used as return values for doStartTag() and doEndTag() are inconsistently named.

With doStartTag(), the return values are SKIP_BODY and EVAL_BODY_INCLUDE. But with doEndTag(), the values are SKIP_PAGE and EVAL_PAGE. If the names were consistent, doEndTag() would return EVAL_PAGE_INCLUDE (as opposed to EVAL_PAGE).

Returning SKIP_PAGE from doEndTag() is exactly like throwing a SkipPageException from a Simple tag! If a page included the page that invoked the tag, the current (included) page stops processing, but the including page continues.


IterationTag lets you repeat the body

When you write a tag handler that extends TagSupport, you get all the lifecycle methods from the Tag interface, plus the one method from IterationTag: doAfterBody(). Without doAfterBody(), you can't iterate over the body because doStartTag() is too early, and doEndTag() is too late.

But with doAfterBody(), your return value tells the Container whether it should repeat the body again (EVAL_BODY_AGAIN) or call the doEndTag() method (SKIP_BODY).

Tag interface
    «interface» Tag
    int doEndTag()
    Tag getParent()
    int doStartTag()
    void setPageContext(PageContext)
    void setParent(Tag)
    void release()

IterationTag interface
    «interface» IterationTag
    int doAfterBody()

TagSupport class
    TagSupport
    int doAfterBody()
    int doStartTag()
    int doEndTag()
    void setPageContext(PageContext)
    // more methods

Sharpen your pencil

Try to implement the same functionality of this SimpleTag doTag() in a Classic tag handler. Assume the TLD is configured to allow body content.

public void doTag() throws JspException, IOException {
    String[] movies = {"Spiderman", "Saved!", "Amelie"};
    for (int i = 0; i < movies.length; i++) {
        getJspContext().setAttribute("movie", movies[i]);
        getJspBody().invoke(null);
    }
}

// package and imports

public class MyIteratorTag extends TagSupport {

    public int doStartTag() throws JspException {

    }

    public int doAfterBody() throws JspException {

    }

    public int doEndTag() throws JspException {

    }
}

Classic tag exercise

BE the Container

Look at the legal tag handler code below and figure out whether it would give you the result shown, given the JSP tag invocation listed below. This is also the same result produced by the Classic tag handler from the previous page. Yes, we're answering the Sharpen your Pencil with yet another exercise...

The tag handler class

// package and imports

public class MyIteratorTag extends TagSupport {

    String[] movies = new String[] {"Spiderman", "Saved!", "Amelie"};
    int movieCounter;

    public int doStartTag() throws JspException {
        movieCounter = 0;
        return EVAL_BODY_INCLUDE;
    }

    public int doAfterBody() throws JspException {
        if (movieCounter < movies.length) {
            pageContext.setAttribute("movie", movies[movieCounter]);
            movieCounter++;
            return EVAL_BODY_AGAIN;
        } else {
            return SKIP_BODY;
        }
    }

    public int doEndTag() throws JspException {
        return EVAL_PAGE;
    }
}

JSP that invokes the tag

<%@ taglib prefix="mine" uri="KathyClassicTags" %>
<html><body>
<table border="1">
<mine:iterateMovies>
    <tr><td>${movie}</td></tr>
</mine:iterateMovies>
</table>
</body></html>

Desired result

Spiderman
Saved!
Amelie


Default return values from TagSupport

If you don't override the TagSupport lifecycle methods that return an integer, be aware of the default values the TagSupport method implementations return. The TagSupport class assumes that your tag doesn't have a body (by returning SKIP_BODY from doStartTag()), and that if you DO have a body that's evaluated, you want it evaluated only once (by returning SKIP_BODY from doAfterBody()). It also assumes that you want the rest of the page to evaluate (by returning EVAL_PAGE from doEndTag()).

Default return values when you don't override the TagSupport method implementation

doStartTag()     SKIP_BODY (default)    EVAL_BODY_INCLUDE
doAfterBody()    SKIP_BODY (default)    EVAL_BODY_AGAIN
doEndTag()       SKIP_PAGE              EVAL_PAGE (default)

The TagSupport class assumes your tag doesn't have a body, or that if the body IS evaluated, that the body should be evaluated only ONCE.

It also assumes that you always want the rest of the page to be evaluated.

doStartTag() and doEndTag() run exactly once.

You really must know this lifecycle for the exam. Don't forget that doStartTag() and doEndTag() are always called, and they're called only once, regardless of anything else that happens. But doAfterBody() can run from 0 to many times, depending on the return value of doStartTag() and previous doAfterBody() calls.

You MUST override doStartTag() if you want the tag body to be evaluated!!

Think about it! The default return value from doStartTag() is SKIP_BODY, so if you want the body of your tag evaluated, and you extend TagSupport, you MUST override doStartTag() if for no other reason than to return EVAL_BODY_INCLUDE. With doAfterBody(), it should be obvious that if you want to iterate over the body, you have to override that method as well, since its return value is SKIP_BODY.

Classic tag exercise answers


BE the Container Answer

Desired result

Spiderman
Saved!
Amelie

Actual result (unless you add the two lines highlighted below)

(empty cell)
Spiderman
Saved!
Amelie

There's an empty cell at the top!

The tag handler class

public class MyIteratorTag extends TagSupport {

    String[] movies = new String[] {"Spiderman", "Saved!", "Amelie"};
    int movieCounter;

    public int doStartTag() throws JspException {
        movieCounter = 0;
        pageContext.setAttribute("movie", movies[movieCounter]);   // highlighted line
        movieCounter++;                                            // highlighted line
        return EVAL_BODY_INCLUDE;
    }

    public int doAfterBody() throws JspException {
        if (movieCounter < movies.length) {
            pageContext.setAttribute("movie", movies[movieCounter]);
            movieCounter++;
            return EVAL_BODY_AGAIN;
        } else {
            return SKIP_BODY;
        }
    }

    public int doEndTag() throws JspException {
        return EVAL_PAGE;
    }
}

doAfterBody() runs only AFTER the body has already been processed once. Without the two lines in doStartTag(), the body is processed once without there being a movie attribute, so you get the empty cell.

JSP that invokes the tag

<%@ taglib prefix="mine" uri="KathyClassicTags" %>
<html><body>
<table border="1">
<mine:iterateMovies>
    <tr><td>${movie}</td></tr>
</mine:iterateMovies>
</table>
</body></html>


There are no Dumb Questions

Q: This seems stupid—there's duplicate code in doStartTag() and doAfterBody().

A: Yes, there's duplicate code. In this case, if you're implementing TagSupport, and you want to set values the body can use, then you MUST set those attribute values in doStartTag(). You can't wait until doAfterBody(), because by the time you get to doAfterBody(), the body has already been processed once.

Yes, it's kind of stupid. Which is why SimpleTag is so much better. Of course if you were writing the code, you'd make a private method in your tag handler... say, setMovie(), and you'd call that method from both doStartTag() and doAfterBody(). But it's still an awkward approach.

The Container can reuse Classic tag handlers!

Watch out—this is completely different from SimpleTag handlers, which are definitely NOT reused. That means you have to be very careful about instance variables—you should reset them in doStartTag().

The Tag interface does have a release() method, but that's called only when the tag handler instance is about to be removed by the Container. So don't assume that release() is a way to reset the tag handler's state in between tag invocations!

Q: WHY are you setting the instance variable value for movieCounter INSIDE the doStartTag() method? Why can't you just initialize it when you declare it?

A: Yikes! Unlike SimpleTag handlers, which are never reused, a Classic tag handler can be pooled and reused by the Container. That means you'd better reset your instance variable values with each new tag invocation (which means in doStartTag()). Otherwise, this code works the first time, but the next time a JSP invokes it, the movieCounter variable will still have its last value, instead of 0!
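
The reuse rule and the empty-first-row answer above, as an added example that is not code from the book: a plain-Java model of the Classic lifecycle that drives one handler instance through repeated invocations, the way a pooling Container would. It uses no servlet API; ClassicLifecycleDemo, MovieTag, invoke() and the pageScope map are hypothetical stand-ins for the Container, the TagSupport subclass and the PageContext, and the two boolean flags exist only to switch the two fixes on and off.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Plain-Java model of the Classic tag lifecycle; every type here is a hypothetical stand-in. */
public class ClassicLifecycleDemo {
    // Stand-ins for the Tag / IterationTag return constants.
    static final int SKIP_BODY = 0, EVAL_BODY_INCLUDE = 1, EVAL_BODY_AGAIN = 2;

    /** Models the MyIteratorTag handler from the exercise. */
    static class MovieTag {
        final String[] movies = {"Spiderman", "Saved!", "Amelie"};
        final boolean resetInStart;     // reset movieCounter in doStartTag()?
        final boolean setFirstInStart;  // set "movie" before the first body pass?
        int movieCounter;               // instance state: survives between invocations
        Map<String, Object> pageScope;  // stand-in for the PageContext attributes

        MovieTag(boolean resetInStart, boolean setFirstInStart) {
            this.resetInStart = resetInStart;
            this.setFirstInStart = setFirstInStart;
        }

        int doStartTag() {
            if (resetInStart) {
                movieCounter = 0;
            }
            if (setFirstInStart) {
                pageScope.put("movie", movies[movieCounter]);
                movieCounter++;
            }
            return EVAL_BODY_INCLUDE;
        }

        int doAfterBody() {
            if (movieCounter < movies.length) {
                pageScope.put("movie", movies[movieCounter]);
                movieCounter++;
                return EVAL_BODY_AGAIN;
            }
            return SKIP_BODY;
        }
    }

    /** One tag invocation; returns the text each pass over the body ${movie} produced. */
    static List<String> invoke(MovieTag tag) {
        tag.pageScope = new HashMap<>();   // setPageContext(): a new page scope per invocation
        List<String> rows = new ArrayList<>();
        if (tag.doStartTag() == EVAL_BODY_INCLUDE) {
            do {
                Object movie = tag.pageScope.get("movie");
                // EL renders a missing attribute as an empty string.
                rows.add(movie == null ? "" : movie.toString());
            } while (tag.doAfterBody() == EVAL_BODY_AGAIN);
        }
        return rows;                       // doEndTag() would run here
    }

    public static void main(String[] args) {
        // Both fixes in place: the same instance can be reused safely.
        MovieTag correct = new MovieTag(true, true);
        System.out.println("correct, 1st use:  " + invoke(correct));
        System.out.println("correct, reused:   " + invoke(correct));

        // doStartTag() without the two added lines: the first body pass has no "movie" yet.
        System.out.println("no first set:      " + invoke(new MovieTag(true, false)));

        // Counter initialized only at declaration: state from the first
        // invocation leaks into the second when the instance is reused.
        MovieTag stale = new MovieTag(false, true);
        System.out.println("no reset, 1st use: " + invoke(stale));
        try {
            System.out.println("no reset, reused:  " + invoke(stale));
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("no reset, reused:  failed, movieCounter was still "
                    + stale.movieCounter);
        }
    }
}
```

The point to take from the last case is that a Classic handler's instance fields are shared by every invocation that draws that instance from the pool, so anything one request leaves in a field is what the next request starts with unless doStartTag() overwrites it.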
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automating a select tag 


OK, let's get real...

Remember the Beer webapp from Chapter 3? Let's improve it a bit, and automate part of the HTML form:

<form method="POST" action="SelectBeer.do">
  <p>Select beer characteristics:</p>
  Color:
  <select name='color' size='1'>
    <option value='light'> light </option>
    <option value='amber'> amber </option>
    <option value='brown'> brown </option>
    <option value='dark'> dark </option>
  </select>
  <br><br>
  <input type="SUBMIT">
</form>

If we make the options dynamic, they'll be easier to update and change, without messing around with the HTML. Instead, we want the options to be generated from a Java List created in the web application. So here's the custom tag we want to build:

<form method="POST" action="SelectBeer.do">
  <p>Select beer characteristics:</p>
  Color:
  <formTags:select name='color' size='1'
                   optionsList='${applicationScope.colorList}' />
  <br><br>
  <input type="SUBMIT">
</form>

With this tag, an app can change the options without hard-coding business data in the HTML.


Sharpen your pencil

Your mission (if you choose to accept it) is to complete the implementation of the select tag handler.

First, the handler class needs to implement setter methods for each tag attribute; here's a skeleton to get you started.

Class diagram: SelectTagHandler extends SimpleTagSupport
    +setOptionsList(List)
    +setName(String)
    +setSize(String)
    +doTag()

package com.example.taglib;

// assume all needed import statements

public class SelectTagHandler extends SimpleTagSupport {

    // store the 'optionsList' attribute


    // store the 'name' attribute


    // store the 'size' attribute


}

Continues over the page

coding the select tag


Sharpen your pencil

Next, complete the implementation of the select tag handler class by writing the doTag() method. We've provided the method signature and a few helpful comments to help you out. Don't forget to take a look at the HTML that this tag needs to generate on page 542.

// generate the <select> and <option> tags

public void doTag() throws JspException, IOException {

    PageContext pageContext = (PageContext) getJspContext();
    JspWriter out = pageContext.getOut();

    // Start the HTML <select> tag with HTML-specific attributes

    // (More code to write here.)

    // Generate the <option> tags from the optionsList


    // End the HTML </select> tag


} // END of doTag() method


} // END of SelectTagHandler

Continues over the page


Sharpen your pencil

Now you need to configure the select tag in the TLD file. The boilerplate elements of the TLD are already provided for you. You just need to add the element to declare the select tag, its handler class, and all its attributes.

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE taglib
  PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
  "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_2.dtd">

<taglib>

  <tlib-version>1.2</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>Forms Taglib</short-name>
  <uri>http://example.com/tags/forms</uri>
  <description>
    An example tag library of replacements for the HTML form tags.
  </description>

  <tag>

    <!-- Add elements to declare the tag name, class and body type -->


    <!-- Add elements for optionsList attribute -->


    <!-- Add elements for name attribute -->


    <!-- Add elements for size attribute -->


  </tag>

</taglib>

handling attributes

Sharpen your pencil
Solution

Your mission (if you chose to accept it) was to complete the implementation of the select tag handler. The handler had to implement setter methods for each tag attribute. The handler also had to implement the doTag() method.

Class diagram: SelectTagHandler extends SimpleTagSupport
    +setOptionsList(List)
    +setName(String)
    +setSize(String)
    +doTag()

package com.example.taglib;

// assume all needed import statements

public class SelectTagHandler extends SimpleTagSupport {

    // Setter method and instance variable for the optionsList attribute
    private List optionsList;
    // store the 'optionsList' attribute
    public void setOptionsList(List value) {
        this.optionsList = value;
    }

    private String name;
    // store the 'name' attribute
    public void setName(String value) {
        this.name = value;
    }

    // Setter method and instance variable for the attribute
    private String size;
    // store the 'size' attribute
    public void setSize(String value) {
        this.size = value;
    }

    // other SelectTagHandler code

}

Sharpen your pencil
Solution


Next, you had to complete the implementation of the select tag handler class by writing the doTag() method. Here's the code we used:

// generate the <select> and <option> tags

public void doTag() throws JspException, IOException {

    PageContext pageContext = (PageContext) getJspContext();
    JspWriter out = pageContext.getOut();

    // Start the HTML <select> tag with HTML-specific attributes
    // (the HTML <select> tag uses the name and size attributes)
    out.print("<select ");
    out.print(String.format(ATTR_TEMPLATE, "name", this.name));
    out.print(String.format(ATTR_TEMPLATE, "size", this.size));
    out.println('>');

    // Generate the <option> tags from the optionsList
    // (the optionsList object is used to create the HTML <option> tags)
    for ( Object option : this.optionsList ) {
        String optionTag
            = String.format(OPTION_TEMPLATE, option.toString());
        out.println(optionTag);
    }

    // End the HTML </select> tag
    // (finally, the tag handler must output the closing HTML </select> tag)
    out.println(" </select>");

} // END of doTag() method

private static final String ATTR_TEMPLATE = "%s='%s' ";
private static final String OPTION_TEMPLATE
    = " <option value='%1$s'> %1$s </option>";

} // END of SelectTagHandler
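
The doTag() solution above formats name, size and each option's toString() straight into the markup, so a value containing a quote, ampersand or angle bracket changes the HTML that is generated. The following is an added example, not the book's code: the same two templates rendered with the values HTML-escaped first. It is plain Java with no servlet API, and SelectRenderer, escapeHtml() and render() are hypothetical names; the option list is constructed sample data.

```java
import java.util.Arrays;
import java.util.List;

/** Renders the same markup as the select tag's doTag(), with optional output escaping. */
public class SelectRenderer {
    // Same templates as the handler on this page.
    private static final String ATTR_TEMPLATE = "%s='%s' ";
    private static final String OPTION_TEMPLATE = " <option value='%1$s'> %1$s </option>";

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values. The single quote matters here because both templates
     * delimit attribute values with single quotes.
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the markup doTag() would write; escape=false reproduces the unescaped output. */
    static String render(String name, String size, List<?> options, boolean escape) {
        StringBuilder out = new StringBuilder("<select ");
        out.append(String.format(ATTR_TEMPLATE, "name", escape ? escapeHtml(name) : name));
        out.append(String.format(ATTR_TEMPLATE, "size", escape ? escapeHtml(size) : size));
        out.append(">\n");
        for (Object option : options) {
            String text = String.valueOf(option);
            out.append(String.format(OPTION_TEMPLATE, escape ? escapeHtml(text) : text));
            out.append('\n');
        }
        return out.append(" </select>\n").toString();
    }

    public static void main(String[] args) {
        // Constructed sample data: the last entry contains markup-significant characters.
        List<String> colors = Arrays.asList("light", "amber", "stout & 'porter' <dark>");

        System.out.println("Unescaped (as in the doTag() above):");
        System.out.println(render("color", "1", colors, false));

        System.out.println("Escaped:");
        System.out.println(render("color", "1", colors, true));
    }
}
```

In the handler itself the same escapeHtml() call would wrap this.name, this.size and option.toString() before they reach String.format().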
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the deployment descriptor 


Sharpen your pencil
Solution

Then, you had to configure the select tag in the TLD file. Here's what we did to add the element to declare the select tag, its handler class, and all attributes.

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE taglib
  PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
  "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_2.dtd">

<taglib>

  <tlib-version>1.2</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>Forms Taglib</short-name>
  <uri>http://example.com/tags/forms</uri>
  <description>
    An example tag library of replacements for the HTML form tags.
  </description>

  <tag>
    <name>select</name>
    <tag-class>com.example.taglib.SelectTagHandler</tag-class>
    <body-content>empty</body-content>

    <attribute>
      <name>optionsList</name>
      <type>java.util.List</type>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>


*3arpen your pencil 
Solution 


<attribute> _ 

The na«c and 
attribute* ar« far easier 
because wt tan attest the 
diia i'ffc default (String) 

<name>size</name> 

<required>true</required> 

</attribute> 

</tag> 

</t;agl ib> 


<name>name</naine> 

< required> true</required> 
</attribute> 


<attribute> 





Do you think the name and size attributes should 
allow runtime values? Why or why not? 

we forgot

Our dynamic <select> tag isn't complete...

Wait a minute... if our select tag is
trying to mimic the standard HTML
<select> tag, then we need to include
attributes for all of the <select> tag
attributes, not just name and size.

The HTML <select> tag accepts many more tag attributes
than just name and size:

Core attributes: id, class, style, and title

Internationalization attributes: lang and dir

Event attributes: onclick, ondblclick, onmouseup, onmousedown,
onmouseover, onmousemove, onmouseout, onkeypress, onkeyup, and
onkeydown

Form attributes: name, disabled, multiple, size,
tabindex, onfocus, onblur, and onchange

You can use these to make list boxes and list menus.

We could just add more custom tag attributes...

Don't get all worked up, I can fix
this... no problemo!
I'll just add more attribute setters to
the handler class and declarations to
the TLD. No muss, no fuss.

Gary's design is very simple; we
just need to add a setter method
for all of the HTML pass-through
tag attributes. The UML for the tag
class is on the right, with all the
methods we'll need to add.

Here's the code to make this work:

public class SelectTagHandler extends SimpleTagSupport {
    // tag attribute (setters and instance variables)

    // this is the only attribute we added to the select tag
    public void setOptionsList(List value) {
        this.optionsList = value;
    }
    private List optionsList = null;

    public void setId(String id) {
        this.id = id;
    }
    private String id;

    public void setClass(String styleClass) {
        this.styleClass = styleClass;
    }
    private String styleClass;

    // more code on the next page

The rest of the tag attributes are
for the web browser. This tag handler
simply passes them through to the
<select> tag output.

SelectTagHandler

+setOptionsList(List)
+setId(String)
+setClass(String)
+setStyle(String)
+setTitle(String)
+setLang(String)
+setDir(String)
+setOnclick(String)
+setOndblclick(String)
+setOnmouseup(String)
+setOnmousedown(String)
+setOnmouseover(String)
+setOnmousemove(String)
+setOnmouseout(String)
+setOnkeypress(String)
+setOnkeydown(String)
+setOnkeyup(String)
+setName(String)
+setSize(String)
+setMultiple(String)
+setDisabled(String)
+setTabindex(String)
+setOnfocus(String)
+setOnblur(String)
+setOnchange(String)
+doTag()

pass-through attributes

Son of more tag attributes

    public void setStyle(String style) {
        this.style = style;
    }
    private String style;

    public void setTitle(String title) {
        this.title = title;
    }
    private String title;

    public void setLang(String lang) {
        this.lang = lang;
    }
    private String lang;

    public void setDir(String dir) {
        this.dir = dir;
    }
    private String dir;

    public void setOnclick(String onclick) {
        this.onclick = onclick;
    }
    private String onclick;

    public void setOndblclick(String ondblclick) {
        this.ondblclick = ondblclick;
    }
    private String ondblclick;

    public void setOnmouseup(String onmouseup) {
        this.onmouseup = onmouseup;
    }
    private String onmouseup;

    public void setOnmousedown(String onmousedown) {
        this.onmousedown = onmousedown;
    }
    private String onmousedown;

    public void setOnmouseover(String onmouseover) {
        this.onmouseover = onmouseover;
    }
    private String onmouseover;

    // more code on the next page

The return of the son of more tag attributes

Yup, you got it... even more tag attributes.

    public void setOnmousemove(String onmousemove) {
        this.onmousemove = onmousemove;
    }
    private String onmousemove;

    public void setOnmouseout(String onmouseout) {
        this.onmouseout = onmouseout;
    }
    private String onmouseout;

    public void setOnkeypress(String onkeypress) {
        this.onkeypress = onkeypress;
    }
    private String onkeypress;

    public void setOnkeydown(String onkeydown) {
        this.onkeydown = onkeydown;
    }
    private String onkeydown;

    public void setOnkeyup(String onkeyup) {
        this.onkeyup = onkeyup;
    }
    private String onkeyup;

    public void setName(String value) {
        this.name = value;
    }
    private String name;

    public void setSize(String value) {
        this.size = value;
    }
    private String size;

    public void setMultiple(String multiple) {
        this.multiple = multiple;
    }
    private String multiple;

    public void setDisabled(String disabled) {
        this.disabled = disabled;
    }
    private String disabled;

    // even more code on the next page

even more pass-through attributes

I'm getting sick of these tag attributes!

    public void setTabindex(String tabindex) {
        this.tabindex = tabindex;
    }
    private String tabindex;

    public void setOnfocus(String onfocus) {
        this.onfocus = onfocus;
    }
    private String onfocus;

    public void setOnblur(String onblur) {
        this.onblur = onblur;
    }
    private String onblur;

    public void setOnchange(String onchange) {
        this.onchange = onchange;
    }
    private String onchange;

    // YES, we are finally done with the tag attribute setters

    // generate the <select> and <option> tags
    public void doTag() throws JspException, IOException {
        PageContext pageContext = (PageContext) getJspContext();
        JspWriter out = pageContext.getOut();

        // Start the HTML <select> tag with HTML-specific attributes
        out.print("<select ");

        // add mandatory attributes
        out.print(String.format(ATTR_TEMPLATE, "name", this.name));

        // add optional attributes
        if ( this.id != null )
            out.print(String.format(ATTR_TEMPLATE, "id", this.id));
        if ( this.styleClass != null )
            out.print(String.format(ATTR_TEMPLATE, "class", this.styleClass));
        if ( this.style != null )
            out.print(String.format(ATTR_TEMPLATE, "style", this.style));
        if ( this.title != null )
            out.print(String.format(ATTR_TEMPLATE, "title", this.title));
        if ( this.lang != null )
            out.print(String.format(ATTR_TEMPLATE, "lang", this.lang));
        if ( this.dir != null )
            out.print(String.format(ATTR_TEMPLATE, "dir", this.dir));

There's still more code here. The doTag() method must still handle
the rest of the standard HTML <select> attributes, for another page
and a half.

You're right. This solution sucks. And it's tons of code to
keep up with. Worse, what if we want to create a suite of
custom tags to augment other HTML tags?!

The tag handler class must implement a setter method for
each of the tag attributes declared in the TLD. But these
setter methods aren't really doing anything interesting. The
values of these attributes are simply passed on to the output
generated for the HTML <select> tag.

We could apply a design principle: "Encapsulate that
which varies."* In this case the set of optional HTML
tag attributes is the thing that varies in this tag handler.
One solution would be to put all of the attributes into
a hashtable. This generalizes the tag object's storage of
attributes, but what about all these setter methods? We can't
get rid of them unless there's a way to tell the JSP engine to
set the tag attributes using a generic interface.

* This design principle is discussed in
Head First Object-Oriented Analysis
and Design on page 250.

Of course, we would never shamelessly
plug another Head First book, right?

dynamic is more flexible

Didn't you know?!?!?

The JSP spec provides an
API just for this purpose.
The DynamicAttributes
interface is all you need.

«interface»
DynamicAttributes

setDynamicAttribute(uri: String, name: String, value: Object) : void

SimpleTagSupport

SelectTagHandler

-optionsList : List
-tagAttrs : Map<String, Object>
+setOptionsList(List)
+setDynamicAttribute(uri: String, name: String, value: Object) : void
+doTag()

Our tag handler code using the
DynamicAttributes interface

Let's examine how DynamicAttributes looks in action. First, our
tag handler class must implement the DynamicAttributes interface
from the JSP API. And that interface requires you to implement the
setDynamicAttribute() method. This method needs to store the
attribute name/value pairs; a hashmap is the perfect data structure to
hold this information:

package com.example.taglib;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.DynamicAttributes;
import javax.servlet.jsp.tagext.SimpleTagSupport;

/**
 * Version three of the HTML select tag uses the JSP
 * dynamic attributes mechanism to store all of the
 * pass-through HTML attributes in a hashmap.
 */
// our tag handler must implement the DynamicAttributes interface
public class SelectTagHandler
        extends SimpleTagSupport
        implements DynamicAttributes {

    // store the 'optionsList' attribute
    public void setOptionsList(List value) {
        this.optionsList = value;
    }
    private List optionsList = null;

    // store the 'name' attribute
    public void setName(String value) {
        this.name = value;
    }
    private String name;

    // store all other (dynamic) attributes
    public void setDynamicAttribute(String uri, String name, Object value) {
        tagAttrs.put(name, value);
    }
    private Map<String,Object> tagAttrs = new HashMap<String,Object>();

adding dynamic attributes

The rest of the tag handler code

The only thing left is the doTag() method. The only difference
now is that the standard HTML <select> tag attributes are stored
in the hashmap. The doTag() method must iterate over each entry
in the map and generate the HTML attribute binding in the output
stream. Everything else is the same.

Pretty easy, huh?

    // generate the <select> and <option> tags
    public void doTag() throws JspException, IOException {
        PageContext pageContext = (PageContext) getJspContext();
        JspWriter out = pageContext.getOut();

        // Start the HTML <select> tag
        out.print("<select ");

        // add mandatory attributes
        out.print(String.format(ATTR_TEMPLATE, "name", this.name));

        // add dynamic attributes
        for ( String attrName : tagAttrs.keySet() ) {
            String attrDefinition
                = String.format(ATTR_TEMPLATE,
                                attrName, tagAttrs.get(attrName));
            out.print(attrDefinition);
        }
        out.println('>');

        // Generate the <option> tags from the optionsList
        for ( Object option : optionsList ) {
            String optionTag
                = String.format(OPTION_TEMPLATE, option.toString());
            out.println(optionTag);
        }

        // End the HTML </select> tag
        out.println(" </select>");

    } // END of doTag method

    private static final String ATTR_TEMPLATE = "%s='%s' ";
    private static final String OPTION_TEMPLATE
        = " <option value='%1$s'> %1$s </option>";

} // END of SelectTagHandler

OK, there is a little bit of
configuration in the TLD

Hah! You didn't think the solution was only in code, did ya? Of course,
there is an element of configuration required. Hey, it's the JSP spec we're
talking about here. Fortunately, the change is painless. The element you
need to include is named <dynamic-attributes>:

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE taglib
  PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
  "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_2.dtd">

<taglib>
  <tlib-version>1.2</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>Forms Taglib</short-name>
  <uri>http://example.com/tags/forms</uri>
  <description>
    An example tag library of replacements for the HTML form tags.
  </description>

  <tag>
    <name>select</name>
    <tag-class>com.example.taglib.SelectTagHandler</tag-class>
    <body-content>empty</body-content>
    <description>
      This tag constructs an HTML form 'select' tag. It also generates
      the 'option' tags based on the set of items in a list passed in
      by the optionsList tag attribute.
    </description>

    <attribute>
      <name>optionsList</name>
      <type>java.util.List</type>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>

    <attribute>
      <name>name</name>
      <required>true</required>
    </attribute>

    <dynamic-attributes>true</dynamic-attributes>

  </tag>

</taglib>

invalid attributes

Dumb Questions

Q: You were using a Simple tag. Does

A: Yup, the DynamicAttributes
interface can be implemented by a Classic
tag in the same fashion as with a Simple tag.
Even the configuration in the TLD file is the
same.

Q: Do dynamic attributes accept
runtime expressions, like EL or <%= %>?

A: Absolutely. By default every
dynamic attribute may use EL or JSP
expression tags to specify the value of
the attribute. In fact, did you notice that
the data type of the value parameter
of the setDynamicAttribute()
method is Object, and not String?
This means that the value can evaluate
to any Java object.

Q: What if I need to "compute" on data
in a given dynamic attribute?

A: You can always inspect the name
parameter and decide to perform some
computation or transformation of the value
of that attribute. But if you need that kind
of functionality, then you should probably
make that attribute explicit and perform
your computation in that attribute's setter
method.

Q: What happens if the custom tag
user enters an attribute name that is
invalid?

A: This is the $64,000 question.
Because the attribute names are
not explicitly declared in the TLD,
the JSP engine sends all other
attributes to the tag handler using the
setDynamicAttribute() method.
The result is that the JSP author might
mistype the name of a standard HTML
attribute and never know it, at least
until the browser failed to invoke the
behavior of that attribute. So, the
first solution Gary proposed (using
explicit attributes with setters and TLD
declarations) has merit. Can you think
of other reasons why Gary's solution is
better than Kim's?
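
One way to keep Kim's dynamic attributes while still catching mistyped names, and to escape the pass-through values that doTag() writes into the markup. This is an added example, not the book's code: the class name SafeSelectRenderer, the allowlist, and the escapeHtml helper are assumptions, and the servlet API is left out so the class runs stand-alone.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Added example, not the book's code. Mirrors the attribute handling of the
 * dynamic-attributes SelectTagHandler but leaves out the servlet API so it
 * runs stand-alone; in a real handler these two methods would back
 * setDynamicAttribute() and doTag().
 */
public class SafeSelectRenderer {

    // Pass-through names from the <select> attribute list on this page.
    private static final Set<String> ALLOWED = new HashSet<String>(Arrays.asList(
        "id", "class", "style", "title", "lang", "dir",
        "onclick", "ondblclick", "onmouseup", "onmousedown", "onmouseover",
        "onmousemove", "onmouseout", "onkeypress", "onkeyup", "onkeydown",
        "disabled", "multiple", "size", "tabindex",
        "onfocus", "onblur", "onchange"));

    private static final String ATTR_TEMPLATE = "%s='%s' ";
    private static final String OPTION_TEMPLATE =
        " <option value='%1$s'> %1$s </option>";

    private final Map<String, Object> tagAttrs =
        new LinkedHashMap<String, Object>();

    /** Same parameters as DynamicAttributes.setDynamicAttribute(). */
    public void setDynamicAttribute(String uri, String name, Object value) {
        String key = (name == null) ? "" : name.toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(key)) {
            // Fail when the attribute is set instead of letting the browser
            // silently ignore a mistyped name. (A real handler would throw
            // JspException here; IllegalArgumentException is a stand-in.)
            throw new IllegalArgumentException(
                "Unsupported <select> attribute: " + name);
        }
        tagAttrs.put(key, value);
    }

    /** Escape the characters that can end a quoted attribute or open a tag. */
    static String escapeHtml(Object value) {
        String s = String.valueOf(value);
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the same markup doTag() prints, with every value escaped. */
    public String render(String name, List<?> optionsList) {
        StringBuilder out = new StringBuilder("<select ");
        out.append(String.format(ATTR_TEMPLATE, "name", escapeHtml(name)));
        for (Map.Entry<String, Object> e : tagAttrs.entrySet()) {
            out.append(String.format(ATTR_TEMPLATE,
                                     e.getKey(), escapeHtml(e.getValue())));
        }
        out.append(">\n");
        for (Object option : optionsList) {
            out.append(String.format(OPTION_TEMPLATE, escapeHtml(option)))
               .append('\n');
        }
        return out.append(" </select>").toString();
    }

    public static void main(String[] args) {
        SafeSelectRenderer tag = new SafeSelectRenderer();
        tag.setDynamicAttribute(null, "id", "colorPicker");
        // Constructed value with a quote and markup, standing in for what a
        // runtime expression could deliver if it echoed request data.
        tag.setDynamicAttribute(null, "title", "Pick 'one' <now>");
        System.out.println(
            tag.render("color", Arrays.asList("red", "blue & green")));

        try {
            tag.setDynamicAttribute(null, "onclik", "go()"); // mistyped name
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Escaping keeps a value inside its quotes; it does not make the value of an on* event attribute safe to build from request data, so those attributes should only receive constants.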



FLEX YOUR MIND 

Gary's solution made all
attributes explicit. Kim's
solution made most of the 
attributes dynamic. Both 
solutions have pros and cons. Is 
there an alternate solution? 

What about Tag Files?

Tag Files can also include dynamic attributes. The mechanism is
basically the same, but with Tag Files the JSP engine provides the
Map object for you. You can then inspect or iterate over that map of
attribute/value pairs using the forEach JSTL tag.

<%@ tag body-content='empty' dynamic-attributes='tagAttrs' %>

<%@ attribute name='optionsList' type='java.util.List'
              required='true' rtexprvalue='true' %>

<%@ attribute name='name' required='true' %>

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<select name='${name}'
  <c:forEach var="attrEntry" items="${tagAttrs}">
    ${attrEntry.key}='${attrEntry.value}'
  </c:forEach>
>
  <c:forEach var="option" items="${optionsList}">
    <option value='${option}'> ${option} </option>
  </c:forEach>
</select>

Remember, the key of each entry in the hashmap is the attribute's name,
and the value of the entry is the value of the attribute.

■ The DynamicAttributes interface allows the tag
handler class to accept any number of tag attributes.

■ The tag declaration in the TLD must include the
<dynamic-attributes> element.

■ Explicit tag attributes must have a setter method.

■ Typically, you will use a hashmap to store the
dynamic attribute name/value pairs using the
setDynamicAttribute() method.

■ Tag Files may also use dynamic attributes.

■ Use the dynamic-attributes attribute of the
tag directive.

■ The value of dynamic-attributes holds a
hashmap of the dynamic attributes.

■ Typically, you will use the JSTL forEach custom
action to iterate over this map.

BodyTag interface

But what if you DO need access to the body contents?

You'll probably find that most of the time the lifecycle methods from the Tag and
IterationTag interfaces, as provided by TagSupport, are enough. Between the three key
methods (doStartTag(), doAfterBody(), and doEndTag()), you can do just about anything.

Except... you don't have direct access to the contents of the body. If you need access to the
actual body contents, so that you can, say, use it in an expression or perhaps filter or alter it
in some way, then extend BodyTagSupport instead of TagSupport, and you'll have access to
the BodyTag interface methods.

BodyTag interface

«interface»
BodyTag

void doInitBody()
void setBodyContent(BodyContent)

Extending BodyTagSupport
gives you two more lifecycle
methods from the BodyTag
interface: setBodyContent()
and doInitBody(). You can
use these to do something
with the actual CONTENTS
of the body of the tag used
to invoke the handler.

TagSupport class

TagSupport

int doAfterBody()
int doStartTag()
void setPageContext(PageContext)
// more methods

BodyTagSupport class

BodyTagSupport

int doStartTag()
BodyContent getBodyContent()
void doInitBody()
void setBodyContent(BodyContent)
// more methods

With BodyTag, you get two new methods

When you implement BodyTag (by extending BodyTagSupport), you get
two more lifecycle methods: setBodyContent() and doInitBody(). You also
get one new return value for doStartTag(), EVAL_BODY_BUFFERED. That
means there are now three possible return values for doStartTag(), instead
of the two you get when you extend TagSupport.

Lifecycle for a tag that implements BodyTag
(directly or by extending BodyTagSupport)

return EVAL_BODY_BUFFERED

BodyTag and BodyTagSupport

With BodyTag, you can buffer the body

The BodyContent argument to setBodyContent() is actually a
type of java.io.Writer. (Yes, it's OK to find that disturbing from an
OO perspective.) But that means you can process the body by, say,
chaining it to another IO stream or getting the raw bytes.

Q: What happens if I return
EVAL_BODY_BUFFERED even though the
invoking tag is empty?

A: The setBodyContent() and
doInitBody() methods will not be called
if the tag invoking the handler is empty!
And by empty, we mean that the tag was
invoked using an empty tag <my:tag /> or
with no content between the opening and
closing tags <my:tag></my:tag>.

The Container knows there's no body this
time, and it just skips to the doEndTag()
method, so this is usually not a problem.

Unless the TLD declares the tag to have an
empty body! If the TLD says
<body-content>empty</body-content>,
you don't have a choice, and you must NOT
return EVAL_BODY_BUFFERED or
EVAL_BODY_INCLUDE from doStartTag().

Q: What about attributes in a Classic
tag? Are they handled the same way as
with Simple tags?

A: Yes, on the sequence diagram for
both Simple tag handlers and Classic tag
handlers, there was a place where bean-style
setter methods are called for each
attribute. This happens before a Simple
tag's doTag() or a Classic tag's doStartTag().
In other words, tag attributes work in
exactly the same way for both Classic and
Simple tags, including the way in which
they're declared in the TLD.

Relax

You don't need to know all the details of using BodyTagSupport:
EVAL_BODY_BUFFERED and the two new methods from the BodyTag
interface, but that's about it.

If the TLD for a tag declares an empty body, doStartTag() MUST
return SKIP_BODY.

That might be obvious, but it means you have to be careful to keep
your tag handler and TLD in sync. So, if you declare a
tag in the TLD to have <body-content>empty</body-content>,
then there is absolutely NO point in implementing BodyTag (or
extending BodyTagSupport). There is also no point
in implementing IterationTag, but you get that automatically by
extending TagSupport. You must return SKIP_BODY from doStartTag()
even if you implement IterationTag or BodyTag.

Exercise

Lifecycle methods for Classic tag methods

Fill in the chart below. We've covered almost everything you need to do this
correctly, but you'll have to guess in a few places. (Don't turn the page!)

Columns: BodyTagSupport | TagSupport

doStartTag()
  - possible return values
  - default return value from the implementation class
  - number of times it can be called (per tag invocation from a JSP)

doAfterBody()
  - possible return values
  - default return value from the implementation class
  - number of times it can be called (per tag invocation from a JSP)

doEndTag()
  - possible return values
  - default return value from the implementation class
  - number of times it can be called (per tag invocation from a JSP)

doInitBody() and setBodyContent()
  - circumstances under which they can be called and number of
    times per tag invocation

Classic tag lifecycle return values

Exercise
Answers

Lifecycle return values for Classic tag methods

You're expected to know all of this for the exam!

doStartTag()
  Possible return values
    BodyTagSupport: SKIP_BODY, EVAL_BODY_INCLUDE, EVAL_BODY_BUFFERED
    TagSupport:     SKIP_BODY, EVAL_BODY_INCLUDE
  Default return value from the implementation class
    BodyTagSupport: EVAL_BODY_BUFFERED
    TagSupport:     SKIP_BODY
  Number of times it can be called (per tag invocation from a JSP)
    BodyTagSupport: Exactly once
    TagSupport:     Exactly once

doAfterBody()
  Possible return values
    BodyTagSupport: SKIP_BODY, EVAL_BODY_AGAIN
    TagSupport:     SKIP_BODY, EVAL_BODY_AGAIN
  Default return value from the implementation class
    BodyTagSupport: SKIP_BODY
    TagSupport:     SKIP_BODY
  Number of times it can be called (per tag invocation from a JSP)
    BodyTagSupport: Zero to many
    TagSupport:     Zero to many

doEndTag()
  Possible return values
    BodyTagSupport: SKIP_PAGE, EVAL_PAGE
    TagSupport:     SKIP_PAGE, EVAL_PAGE
  Default return value from the implementation class
    BodyTagSupport: EVAL_PAGE
    TagSupport:     EVAL_PAGE
  Number of times it can be called (per tag invocation from a JSP)
    BodyTagSupport: Exactly once
    TagSupport:     Exactly once

doInitBody() and setBodyContent()
  Circumstances under which they can be called, and number of
  times per tag invocation
    BodyTagSupport: Exactly once, and ONLY if doStartTag() returns
                    EVAL_BODY_BUFFERED
    TagSupport:     NEVER!

What if you have tags that work together?

Imagine this scenario... you have a <mine:Menu> tag that builds a custom
navigation bar. It needs menu items. So you use a <mine:MenuItem> tag
nested within the <mine:Menu> tag, and the menu tag gets ahold (somehow)
of the menu items and uses those items to build the navigation bar.

<mine:Menu>
    <mine:MenuItem itemValue="Dogs" />
    <mine:MenuItem itemValue="Cats" />
    <mine:MenuItem itemValue="Horses" />
</mine:Menu>

The big question is, how do the tags talk to one another? In other words,
how does the Menu tag (the enclosing tag) get the attribute values from
the Menu items (the inner/nested tags)?

Nested tags are used in several places in the JSTL; the <c:choose> tag, with
its nested <c:when> and <c:otherwise> tags, is a good example. And you
might need to use "cooperating tags" (that's how the spec says it) in your
own custom development as well.

Fortunately, there's a mechanism for getting info to and from outer and
inner tags, regardless of the depth of nesting. That means you can get
info from a deeply nested tag out to not just the tag's immediate enclosing
tag, but to any arbitrary tag up the tag nesting hierarchy.

Look at the Tag API, review the previous tag handler code, and think
about how cooperating tags might get info to and from one another.

«interface»
Tag

int doEndTag()
Tag getParent()
int doStartTag()
void setPageContext(PageContext)
void setParent(Tag)
void release()

the getParent() method

A Tag can call its Parent Tag

Both SimpleTag and Tag have a getParent() method. The getParent() in Tag
returns a Tag, but the getParent() in SimpleTag returns an instance of JspTag.
We'll see the implications of those return types in a minute.

«interface»
JspTag

«interface»
SimpleTag

void doTag()
JspTag getParent()
void setJspBody(JspFragment)
void setJspContext(JspContext)
void setParent(JspTag parent)

«interface»
Tag

int doEndTag()
Tag getParent()
int doStartTag()
void setPageContext(PageContext)
void setParent(Tag)
void release()

A nested tag can access its parent (enclosing) tag

<mine:OuterTag>
    <mine:InnerTag />
</mine:OuterTag>

Getting the parent tag in a Classic tag handler

public int doStartTag() throws JspException {
    OuterTag parent = (OuterTag) getParent();
    // do something with it
    return EVAL_BODY_INCLUDE;
}

Getting the parent tag in a Simple tag handler

public void doTag() throws JspException, IOException {
    OuterTag parent = (OuterTag) getParent();
    // do something with it
}

Find out just how deep the nesting goes...

You can walk your way up the ancestor tag chain by continuing to call
getParent() on whatever is returned by getParent(). Because getParent() returns
either another tag (on which you can call getParent()) or null.

In a JSP

<mine:NestedLevel>
    <mine:NestedLevel>
        <mine:NestedLevel/>
    </mine:NestedLevel>
</mine:NestedLevel>

In a Classic tag handler

package foo;

import javax.servlet.jsp.*;
import javax.servlet.jsp.tagext.*;
import java.io.*;

public class NestedLevelTag extends TagSupport {
    private int nestLevel = 0;

    public int doStartTag() throws JspException {
        nestLevel = 0;
        Tag parent = getParent();

        // If it's null, then we're at the top level,
        // and we don't have a parent
        while (parent != null) {
            parent = parent.getParent();
            nestLevel++;
        }

        try {
            pageContext.getOut().println("<br>Tag nested level: " + nestLevel);
        } catch (IOException ex) {
            throw new JspException("IOException- " + ex.toString());
        }
        return EVAL_BODY_INCLUDE;
    }
}

Result

Tag nested level: 0
Tag nested level: 1
Tag nested level: 2

Simple and Classic interaction

Simple tags can have Classic parents

This is not a problem, because a Simple tag's getParent() returns type
JspTag, and Classic tags and Simple tags now share the JspTag super
interface. Actually, Classic tags can have Simple parents, but it takes a
slight hack to make that work because you can't cast a SimpleTag to
the Tag return value of the Tag interface getParent(). We won't go
into how to access a Simple tag parent from a Classic child tag*, but
all you need to know for the exam (and almost certainly real web app
life) is that by using getParent(), a Classic tag can access Classic tag
parents, and a Simple tag can access either a Classic or Simple parent.

Using the getParent() method,
a Classic tag can access
Classic tag parents, and a
Simple tag can access either a
Classic or Simple parent.

In a JSP

<mine:ClassicParent name="ClassicParentTag">
    <mine:SimpleInner />
</mine:ClassicParent>

What if the child (SimpleInner) wants to
access the parent's name attribute?

In the SimpleInner tag handler

public void doTag() throws JspException, IOException {
    // It's OK for a SimpleTag to ask for a Classic parent
    MyClassicParent parent = (MyClassicParent) getParent();
    getJspContext().getOut().print("Parent attribute is: "
                                   + parent.getName());
}

In the ClassicParent tag handler

public class MyClassicParent extends TagSupport {
    private String name;

    public void setName(String name) {
        this.name = name;
    }

    public String getName() {
        return name;
    }

    public int doStartTag() throws JspException {
        // if this returned SKIP_BODY, the inner tag
        // would never be processed
        return EVAL_BODY_INCLUDE;
    }
}

* If you're really curious, look at the
TagAdapter class in the J2EE 1.4 API.

You can walk up, but you can't walk down...

There's a getParent() method, but there's no getChild(). Yet the
scenario we showed earlier was for an outer <my:Menu> tag that needed
access to its nested <my:MenuItem> tags. What can we do? How can the
parent tag get information about the child tags, when a child can get a
reference to the parent, but the parent can't ask for a reference to the child?

Sharpen your pencil

How could a parent tag get attribute values from a child tag?
Describe how you would implement the functionality of the
cooperating Menu and MenuItem tags.
sending info to the parent


Getting info from child to parent

We have two main ways in which tags can cooperate with one another:

1) The child tag needs info (like an attribute value) from its parent tag.

2) The parent tag needs info from each of its child tags.

We've already seen how the first scenario works: the child tag gets a
reference to its parent using getParent(), then calls getter methods on the
parent. But what happens when the parent needs info from the child? We
have to do the same thing. In other words, if the parent needs info from the
child, it's the child's job to give it to the parent!

Since there's no automatic mechanism for the parent to find out about its
child tags, you simply have to use the same design approach to get info to
the parent from the child as you do to get info from the parent to the child.
You get a reference to the parent tag, and call methods. Only instead of
getters, this time you'll call some kind of set or add method.

In a JSP

<%@ taglib prefix="mine" uri="KathyClassicTags" %>
<html><body> 

<mine:Menu > 

<mine:MenuItem itemValue="Dogs" /> 

<mine:MenuItem itemValue="Cats" /> 

<mine:MenuItem itemValue="Horses" /> 

</mine:Menu> 

</body></html> 


Result (browser screenshot not preserved)
Menu and MenuItem tag handlers


In the child tag: MenuItem

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class MenuItem extends TagSupport {
    private String itemValue;

    public void setItemValue(String value) {
        itemValue = value;
    }

    public int doStartTag() throws JspException {
        return EVAL_BODY_INCLUDE;
    }

    public int doEndTag() throws JspException {
        // Hand this item's value to the enclosing Menu tag
        Menu parent = (Menu) getParent();
        parent.addMenuItem(itemValue);
        return EVAL_PAGE;
    }
}


In the parent tag: Menu

import java.util.ArrayList;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class Menu extends TagSupport {
    private ArrayList items;

    // Called by each nested MenuItem tag
    public void addMenuItem(String item) {
        items.add(item);
    }

    public int doStartTag() throws JspException {
        // Start with a fresh list each time the tag is used
        items = new ArrayList();
        // Evaluate the body so the nested MenuItem tags are processed
        return EVAL_BODY_INCLUDE;
    }

    public int doEndTag() throws JspException {
        try {
            pageContext.getOut().println("Menu items are: " + items);
        } catch (Exception ex) {
            throw new JspException("Exception: " + ex.toString());
        }
        // imagine complex menu-building code here...
        return EVAL_PAGE;
    }
}
finding an ancestor


Getting an arbitrary ancestor

There is another mechanism you can use if you want to, say, skip some
nesting levels and go straight to a grandparent or something even
further up the tag nesting hierarchy. The method is in both TagSupport
and SimpleTagSupport (although they have slightly different behavior),
and it's called findAncestorWithClass().

Getting an immediate parent using getParent()

OuterTag parent = (OuterTag) getParent();


Getting an arbitrary ancestor using findAncestorWithClass()

WayOuterTag ancestor = (WayOuterTag) findAncestorWithClass(this, WayOuterTag.class);


The Container walks the tag nesting hierarchy until it finds a tag that's
an instance of this class. It returns the first one, so there's no way to say
"skip the first tag you see that's an instance of WayOuterTag.class and give
me the second one." If you wanted the second instance of a tag ancestor of
that type, you'll just have to get the return value of findAncestorWithClass(),
and then call getParent() or findAncestorWithClass() on it.


You will not be tested on any details of using findAncestorWithClass().
All you need to know for the exam is that it exists!
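The "second instance" walk described above, together with a checked lookup for handlers such as MenuItem that depend on being nested, as an added example (not code from the book). AncestorLookup, nthAncestor and requireAncestor are hypothetical names; only TagSupport.findAncestorWithClass(Tag, Class) is the real API, and the helper covers Classic tags only.

```java
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;

/** Hypothetical helper for Classic tag handlers; not part of the JSP API. */
public final class AncestorLookup {

    private AncestorLookup() { }

    /**
     * Returns the n-th enclosing Classic tag of the given type, counting
     * outward from 'from' (n = 1 is the nearest one), or null when the page
     * does not nest that many tags of this type around 'from'.
     */
    public static <T extends Tag> T nthAncestor(Tag from, Class<T> type, int n) {
        if (n < 1) {
            throw new IllegalArgumentException("n must be >= 1");
        }
        Tag current = from;
        for (int i = 0; i < n && current != null; i++) {
            // findAncestorWithClass starts at current.getParent() and returns
            // the FIRST match, so calling it again on the previous match
            // steps one matching level further out.
            current = TagSupport.findAncestorWithClass(current, type);
        }
        return type.cast(current); // cast(null) is null
    }

    /**
     * Like a (Type) getParent() cast, but tolerant of intermediate tags and
     * explicit about misuse: a tag placed outside its required parent gets a
     * JspException naming the problem instead of a NullPointerException or
     * ClassCastException from inside the handler.
     */
    public static <T extends Tag> T requireAncestor(Tag from, Class<T> type)
            throws JspException {
        T found = nthAncestor(from, type, 1);
        if (found == null) {
            throw new JspException(from.getClass().getName()
                    + " must be nested inside a " + type.getName() + " tag");
        }
        return found;
    }
}
```

In a handler like MenuItem, doEndTag() could call AncestorLookup.requireAncestor(this, Menu.class) in place of the unchecked (Menu) getParent() cast.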
Exercise


Key differences between
Simple and Classic tags

                                        Simple tags        Classic tags

Tag interfaces

Support implementation classes

Key lifecycle methods that YOU might implement

How you write to the response output

How you access implicit variables and scoped attributes
from a support implementation

How you cause the body to be processed

How you cause the current page evaluation to STOP
Exercise Answers

Key differences between
Simple and Classic tags

Tag interfaces
    Simple tags:  SimpleTag (extends JspTag)
    Classic tags: Tag (extends JspTag)
                  IterationTag (extends Tag)
                  BodyTag (extends IterationTag)

Support implementation classes
    Simple tags:  SimpleTagSupport (implements SimpleTag)
    Classic tags: TagSupport (implements IterationTag)
                  BodyTagSupport (extends TagSupport, implements BodyTag)

Key lifecycle methods that YOU might implement
    Simple tags:  doTag()
    Classic tags: doStartTag()
                  doEndTag()
                  doAfterBody()
                  (and for BodyTag: doInitBody() and setBodyContent())

How you write to the response output
    Simple tags:  getJspContext().getOut().println
                  (no try/catch needed because SimpleTag
                  methods declare IOException)
    Classic tags: pageContext.getOut().println
                  (wrapped in a try/catch because Classic tag
                  methods do NOT declare the IOException)

How you access implicit variables and scoped attributes
from a support implementation
    Simple tags:  With the getJspContext() method that returns a
                  JspContext (which is usually a PageContext)
    Classic tags: With the pageContext variable, NOT a method
                  like it is with SimpleTag

How you cause the body to be processed
    Simple tags:  getJspBody().invoke(null)
    Classic tags: Return EVAL_BODY_INCLUDE from doStartTag(), or
                  EVAL_BODY_BUFFERED if the class implements BodyTag

How you cause the current page evaluation to STOP
    Simple tags:  Throw a SkipPageException
    Classic tags: Return SKIP_PAGE from doEndTag()
Using the PageContext API for tag handlers


This page is just a review from what you saw in the Script-free JSPs chapter, but
it comes up again here because it's crucial for a tag handler. A tag handler class,
remember, is not a servlet or a JSP, so it doesn't have automatic access to a bunch
of implicit objects. But it does get a reference to a PageContext, and with it, it
can get to all kinds of things it might need.


Remember that while Simple tags get a reference to a JspContext and Classic
tags get a reference to a PageContext, the Simple tag's JspContext is usually
a PageContext instance. So if your Simple tag handler needs access to
PageContext-specific methods or fields, you'll have to cast it from a JspContext to
the PageContext it really is on the heap.


JspContext

    getAttribute(String name)
    getAttribute(String name, int scope)
    getAttributeNamesInScope(int scope)
    findAttribute(String name)
    getOut()

    // more methods including similar
    // methods to set and remove attributes
    // from any scope


PageContext (extends JspContext)

    APPLICATION_SCOPE
    PAGE_SCOPE
    REQUEST_SCOPE
    SESSION_SCOPE

    // more fields

    getRequest()
    getServletConfig()
    getServletContext()
    getSession()

    // more methods


The one-arg getAttribute(String) is for page scope ONLY!

There are TWO overloaded getAttribute() methods you can call on pageContext:
a one-arg that takes a String, and a two-arg that takes a String and an int.
The one-arg version works just like all the others: it's for attributes bound
TO the pageContext object. But the two-arg version can be used to get
an attribute from ANY of the four scopes.


findAttribute() looks in EACH scope starting with PAGE_SCOPE.

You can expect to be tested on this!! The difference between
getAttribute(String) and findAttribute(String) can be dramatic: the
getAttribute(String) method looks ONLY in page scope, while
findAttribute(String) will search in the order of page, request, session,
and application, returning the first one it finds that matches the
findAttribute(String) argument.
tag files exercise


Sharpen your pencil


Memorizing Tag Files

ANSWERS


(1) Fill in what you must put into a Tag File to declare that the Tag has one required
attribute, named "title", that can use an EL expression as the value of the attribute.


<%@ attribute name="title" required="true" rtexprvalue="true" %>


(2) Fill in what you must put into a Tag File to declare that the Tag must NOT have a body.


<%@ tag body-content="empty" %>


(3) Draw a Tag File document
in each of the locations
where the Container will


Directly inside WEB-INF/tags

Inside a sub-directory of WEB-INF/tags

Inside the META-INF/tags directory inside
a JAR file that's inside WEB-INF/lib

Inside a sub-directory of META-INF/tags
inside a JAR file that's inside
WEB-INF/lib

IF the tag file is deployed in a JAR,
there MUST be a TLD for the tag file.
1  How can a Classic tag handler instruct the container to ignore the remainder of
   the JSP that invoked the tag?

   (Choose all that apply.)

□ A. The doEndTag() method should return Tag.SKIP_BODY.
□ B. The doEndTag() method should return Tag.SKIP_PAGE.
□ C. The doStartTag() method should return Tag.SKIP_BODY.
□ D. The doStartTag() method should return Tag.SKIP_PAGE.


Which directives and/or standard actions are applicable ONLY
within tag files? (Choose all that apply.)

□ A. tag
□ B. page
□ C. jsp:body
□ D. jsp:doBody
□ E. jsp:invoke
□ F. taglib


mock exam


A medical website hides selective content from users who are not registered. In place
of the hidden content, a message should display to encourage users to register. Given
the Simple tag handler snippet:

11. public void doTag() throws JspException, IOException {
12.   String level =
13.     (String) getJspContext().findAttribute("accountLevel");
14.   if((level == null || "trial".equals(level))) {
15.     String price = // TODO get context param
16.     String message = "Content for paying members only.<br/>"+
17.       "<a href=\"register.jsp\">Sign up now for only "+price+"!</a>";
18.     getJspContext().getOut().write(message);
19.   } else {
20.     getJspBody().invoke(null);
21.   }
22. }

At line 15, the price for registration should be retrieved from a context parameter
named registrationFee, however there are no methods on JspContext for retrieving
context parameters. What can solve this problem?

□ A. Retrieve the value with pageContext.getServletContext()
      .getInitParameter("registrationFee");

□ B. Cast the JspContext to type PageContext so that you can use the
      methods of PageContext to retrieve the context parameter.

□ C. Retrieve the value with
      getJspContext().findAttribute("registrationFee");

□ D. Throw an exception to let the user know that the price could not be found.

□ E. This is impossible with a Simple tag. A Classic tag must be used.
Which Simple tag mechanism will tell a JSP page to stop processing?

□ A. Return SKIP_PAGE from the doTag method.

□ B. Return SKIP_PAGE from the doEndTag method.

□ C. Throw a SkipPageException from the doTag method.

□ D. Throw a SkipPageException from the doEndTag method.


5  Which are true about the Classic tag model? (Choose all that
   apply.)

□ A. The Tag interface can only be used to create
      empty tags.

□ B. The SKIP_PAGE constant is a valid return value of
      the doEndTag method.

□ C. The EVAL_BODY_BUFFERED constant is a valid
      return value of the doAfterBody method.

□ D. The Tag interface only provides two values for the return
      value of the doStartTag method: SKIP_BODY and
      EVAL_BODY.

□ E. There are three tag interfaces (Tag, IterationTag,
      and BodyTag), but only two built-in base classes:
      TagSupport and BodyTagSupport.
Which are true about the findAncestorWithClass method in
the TagSupport class? (Choose all that apply.)

□ A. It requires one parameter: A Class.

□ B. It is a static method in the TagSupport class.

□ C. It is a non-static method in the TagSupport class.

□ D. It is NOT defined by any of the standard JSP tag
      interfaces.

□ E. It requires two parameters: A Tag and a Class.

□ F. It requires one parameter: A String representing the
      name of the tag to be found.

□ G. It requires two parameters: A Tag and a String,
      representing the name of the tag to be found.


7  Which must be true if you want to use dynamic attributes for
   a Simple tag handler? (Choose all that apply.)


□ A. Your Simple tag must NOT declare any static
      tag attributes.

□ B. Your Simple tag must use the <dynamic-attributes>
      element in the TLD.

□ C. Your Simple tag handler must implement the
      DynamicAttributes interface.

□ D. Your Simple tag should extend the
      DynamicSimpleTagSupport class, which
      provides default support for dynamic attributes.

□ E. Your Simple tag CANNOT be used with the
      jsp:attribute standard action, because this
      action works only with static attributes.
Which is true about tag files? (Choose all that apply.)

□ A. A tag file may be placed in any subdirectory of WEB-INF.

□ B. A tag file must have the file extension of .tag or .tagx.

□ C. A TLD file must be used to map the symbolic
      tag name to the actual tag file.

□ D. A tag file may NOT be placed in a JAR file in the
      WEB-INF/lib directory.


Given:

10. public class BufTag extends BodyTagSupport {
11.   public int doStartTag() throws JspException {
12.     // insert code here
13.   }
14. }

Assume that the tag has been properly configured to allow body content.

Which, if inserted at line 12, would cause the JSP code
<mytags:mytag>BodyContent</mytags:mytag> to output
BodyContent?

□ A. return SKIP_BODY;

□ B. return EVAL_BODY_INCLUDE;

□ C. return EVAL_BODY_BUFFERED;

□ D. return BODY_CONTENT;
Which about doAfterBody() is true? (Choose all that apply.)

□ A. doAfterBody() is only called on tags
      that extend TagSupport.

□ B. doAfterBody() is only called on tags
      that extend IterationTagSupport.

□ C. Assuming no exceptions occur, doAfterBody()
      is always called after doStartTag() for any tag
      that implements IterationTag.

□ D. Assuming no exceptions occur, doAfterBody() is
      called after doStartTag() for any tag that implements
      IterationTag and returns SKIP_BODY from doStartTag().

□ E. Assuming no exceptions occur, doAfterBody() is called after
      doStartTag() for any tag that implements IterationTag and
      returns EVAL_BODY_INCLUDE from doStartTag().


11  Given a JSP page:


1. <%@ taglib prefix="my" uri="/WEB-INF/myTags.tld" %>
2. <my:tag1>
3.   <%-- JSP content --%>
4. </my:tag1>


The tag handler for my:tag1 is Tag1Handler and extends TagSupport.

What happens when the instance of Tag1Handler calls the getParent
method? (Choose all that apply.)


□ A. A JspException is thrown.

□ B. The null value is returned.

□ C. A NullPointerException is thrown.

□ D. An IllegalStateException is thrown.
Which is true about the lifecycle of a Simple tag?
(Choose all that apply.)


□ A. The release method is called after the doTag method.

□ B. The setJspBody method is always called before the
      doTag method.

□ C. The setParent and setJspContext methods are called
      immediately before the tag attributes are set.

□ D. The JspFragment of the tag body is invoked by the Container
      before the tag handler's doTag method is called. This value, a
      BodyContent object, is passed to the tag handler using the
      setJspBody method.


13  Given:

10. public class ExampleTag extends TagSupport {
11.   private String param;
12.   public void setParam(String p) { param = p; }
13.   public int doStartTag() throws JspException {
14.     // insert code here
15.     // more code here
16.   }
17. }


Which, inserted at line 14, would be guaranteed to assign the value of the request-scoped attribute
param to the local variable p? (Choose all that apply.)


□ A. String p = findAttribute("param");
□ B. String p = request.getAttribute("param");
□ C. String p = pageContext.findAttribute("param");
□ D. String p = getPageContext().findAttribute("param");
□ E. String p = (String) pageContext.getRequest().getAttribute("param");
Which are valid method calls on a PageContext object?

(Choose all that apply.)

□ A. getAttributeNames()

□ B. getAttribute("key")

□ C. findAttribute("key")

□ D. getSessionAttribute()

□ E. getAttributesScope("key")

□ F. findAttribute("key", PageContext.SESSION_SCOPE)

□ G. getAttribute("key", PageContext.SESSION_SCOPE)


Which is the most efficient JspContext method to call to access an
attribute that is known to be in application scope?

□ A. getPageContext()

□ B. getAttribute(String)

□ C. findAttribute(String)

□ D. getAttribute(String, int)

□ E. getAttributesScope("key")

□ F. getAttributeNamesInScope(int)
What is the best strategy, when implementing a custom tag, for finding
the value of an attribute whose scope is unknown?

□ A. Check all scopes with a single
      pageContext.getAttribute(String) call.

□ B. Check all scopes with a single
      pageContext.findAttribute(String) call.

□ C. Check each scope with calls to
      pageContext.getAttribute(String, int).

□ D. Call pageContext.getRequest().getAttribute(String),
      then call pageContext.getSession().getAttribute(String),
      and so on.

□ E. None of these will work.



Given a tag, simpleTag, whose handler is implemented using the Simple tag model
and a tag, complexTag, whose handler is implemented using the Classic tag model.
Both tags are declared to be non-empty and non-tag dependent in the TLD.


Which JSP code snippets are valid uses of these tags? (Choose all that apply.)

□ A. <my:simpleTag>
        <my:complexTag />
      </my:simpleTag>


□ B. <my:simpleTag>

^ 'X _ J 1 » >«ffl AM Q- v 

t — uxbpxay b 

</my:simpleTag> 


□ C. <my:simpleTag>
        <%@ include file="/WEB-INF/web/common/headerMenu.html" %>
      </my:simpleTag>


□ D. <my:simpleTag>
        <my:complexTag>
          <% i++; %>
        </my:complexTag>
      </my:simpleTag>
Which are true about the Tag File model? (Choose all that apply.)


□ A. Each tag file must have a corresponding
      entry in a TLD file.

□ B. All directives allowed in JSP pages are allowed
      in Tag Files.

□ C. All directives allowed in Tag Files are allowed in
      JSP pages.

□ D. The <jsp:doBody> standard action can only be
      used in Tag Files.

□ E. The allowable file extensions for Tag Files are .tag
      and .tagx.

□ F. For each attribute declared and specified in a Tag File,
      the container creates a page-scoped attribute with the
      same name.


19  Which are valid in tag files? (Choose all that apply.)


□ A. <jsp:doBody />

□ B. <jsp:invoke fragment="frag" />

□ C. <%@ page import="java.util.Date" %>

□ D. <%@ variable name-given="date"
          variable-class="java.util.Date" %>

□ E. <%@ attribute name="name" value="blank"
          type="java.lang.string" %>


Which returns the enclosing tag when called from within a tag handler class?
(Choose all that apply.)

□ A. getParent()

□ B. getAncestor()

□ C. findAncestor()

□ D. getEnclosingTag()
Given a web application structure:


/WEB-INF/tags/mytags/tag1.tag
/WEB-INF/tags/tag2.tag
/WEB-INF/tag3.tag
/tag4.tag

Which tags could be used by an appropriate taglib directive?
(Choose all that apply.)


□ A. tag1.tag
□ B. tag2.tag
□ C. tag3.tag
□ D. tag4.tag


A web application includes many forms for users to fill out and submit. Nothing
in the pages indicates that a field is required. Business decided that a red asterisk
should be placed preceding the text labels of required fields but the project
manager is contending that the background color of required fields be light blue
and another department is demanding that the project's application be consistent
with their own, where the text of the labels be bold for required fields.

Considering the different perspectives on how required fields could be identified
in pages, choose the most maintainable usage of a custom tag.

□ A. <cust:requiredIcon/>First Name: <input type="text"
      name="firstName"/>

□ B. <cust:textField label="First Name" required="true"/>

□ C. <cust:requiredField color="red" symbol="*"
      label="First Name"/>

□ D. <cust:required>
        First Name: <input type="text" name="firstName"/>
      </cust:required>
1  How can a Classic tag handler instruct the container to ignore the remainder of
   the JSP that invoked the tag?

   (Choose all that apply.)

□ A. The doEndTag() method should return Tag.SKIP_BODY.
      -Option A is invalid because this is not a valid return value for doEndTag().

☑ B. The doEndTag() method should return Tag.SKIP_PAGE.

□ C. The doStartTag() method should return Tag.SKIP_BODY.
      -Option C is invalid because it only causes the body of the
      tag to be skipped.

□ D. The doStartTag() method should return Tag.SKIP_PAGE.
      -Option D is invalid.

Which directives and/or standard actions are applicable ONLY
within tag files? (Choose all that apply.)
(JSP v2.0 section 5.11, section 5.12, section 5.13)

☑ A. tag
      -Option A is valid.

□ B. page
      -Option B is invalid because the page directive is
      never allowed in a tag file.

□ C. jsp:body
      -Option C is invalid because the jsp:body action
      can appear in EITHER a tag file or JSP.

☑ D. jsp:doBody
      -Option D is valid.

☑ E. jsp:invoke
      -Option E is valid.

□ F. taglib
      -Option F is invalid because the taglib directive
      can appear in EITHER a tag file or JSP.
A medical website hides selective content from users who are not registered. In place
of the hidden content, a message should display to encourage users to register. Given
the Simple tag handler snippet:

11. public void doTag() throws JspException, IOException {
12.   String level =
13.     (String) getJspContext().findAttribute("accountLevel");
14.   if((level == null || "trial".equals(level))) {
15.     String price = // TODO get context param
16.     String message = "Content for paying members only.<br/>"+
17.       "<a href=\"register.jsp\">Sign up now for only "+price+"!</a>";
18.     getJspContext().getOut().write(message);
19.   } else {
20.     getJspBody().invoke(null);
21.   }
22. }


At line 15, the price for registration should be retrieved from a context parameter
named registrationFee, however there are no methods on JspContext for retrieving
context parameters. What can solve this problem?


□ A. Retrieve the value with pageContext.getServletContext()
      .getInitParameter("registrationFee");
      -Option A: the pageContext variable is only available to
      Classic tags.

☑ B. Cast the JspContext to type PageContext so that you can use the
      methods of PageContext to retrieve the context parameter.
      -Option B: Correct. We never mentioned this trick and you
      won't need to know it for the exam, but it can come
      in handy in the real world!

□ C. Retrieve the value with
      getJspContext().findAttribute("registrationFee");
      -Option C: Remember, we're not looking for an
      attribute, we're looking for a context parameter.

□ D. Throw an exception to let the user know that the price could not be found.
      -Option D: Don't give up so easily! With determination you
      can provide a good solution!

□ E. This is impossible with a Simple tag. A Classic tag must be used.
      -Option E is not impossible, just tricky.
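The cast named in Option B, combined with the getAttribute/findAttribute scope rules from the PageContext review earlier in the chapter, as an added example (not code from the book). The class name RegisterPromptTag, the helpers contextParam and escapeHtml, and the decision to read accountLevel from session scope only are assumptions made for this illustration; accountLevel and registrationFee are the names the question uses.

```java
import java.io.IOException;
import javax.servlet.jsp.JspContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.SimpleTagSupport;

// Hypothetical Simple tag handler; the class name is an assumption.
public class RegisterPromptTag extends SimpleTagSupport {

    public void doTag() throws JspException, IOException {
        JspContext ctx = getJspContext();

        // findAttribute("accountLevel") returns the FIRST match in
        // page -> request -> session -> application order, so a page- or
        // request-scoped attribute with the same name would hide the
        // session value. Naming the scope removes that ambiguity.
        // (Assumption: the account level is stored in session scope.)
        String level;
        try {
            level = (String) ctx.getAttribute("accountLevel",
                                              PageContext.SESSION_SCOPE);
        } catch (IllegalStateException noSession) {
            // The page does not participate in a session, or the session
            // was invalidated: treat the user as not registered.
            level = null;
        }

        if (level == null || "trial".equals(level)) {
            String price = contextParam(ctx, "registrationFee");
            String message = "Content for paying members only.<br/>"
                    + "<a href=\"register.jsp\">Sign up now for only "
                    + escapeHtml(price) + "!</a>";
            ctx.getOut().write(message);
        } else if (getJspBody() != null) {   // null when the tag has no body
            getJspBody().invoke(null);
        }
    }

    // Option B: JspContext has no access to context parameters, but the
    // object behind it is usually a PageContext, which does.
    static String contextParam(JspContext ctx, String name)
            throws JspException {
        if (!(ctx instanceof PageContext)) {
            throw new JspException(
                "JspContext is not a PageContext; cannot read " + name);
        }
        String value = ((PageContext) ctx).getServletContext()
                                          .getInitParameter(name);
        if (value == null) {
            throw new JspException("Missing context parameter: " + name);
        }
        return value;
    }

    // Minimal HTML escaping so the configured value cannot inject markup.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}
```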
Which Simple tag mechanism will tell a JSP page to stop processing?


□ A. Return SKIP_PAGE from the doTag method.
      -Option A is invalid because the doTag
      method does not return a value.

□ B. Return SKIP_PAGE from the doEndTag method.
      -Option B is invalid because a Simple
      tag does not have the doEndTag
      event method.

☑ C. Throw a SkipPageException from the doTag method.

□ D. Throw a SkipPageException from the doEndTag method.
      -Option D is invalid because a
      Simple tag does not have the
      doEndTag event method.

5  Which are true about the Classic tag model? (Choose all that
   apply.)


□ A. The Tag interface can only be used to create
      empty tags.
      -Option A is invalid because the Tag interface
      can support tags with a body, but you can't

☑ B. The SKIP_PAGE constant is a valid return value of
      the doEndTag method.

□ C. The EVAL_BODY_BUFFERED constant is a valid
      return value of the doAfterBody method.
      -Option C is invalid because
      doAfterBody can only return
      SKIP_BODY or EVAL_BODY_AGAIN.

□ D. The Tag interface only provides two values for the return
      value of the doStartTag method: SKIP_BODY and
      EVAL_BODY.
      -Option D is invalid because doStartTag
      returns SKIP_BODY and EVAL_BODY_INCLUDE.

☑ E. There are three tag interfaces (Tag, IterationTag,
      and BodyTag), but only two built-in base classes:
      TagSupport and BodyTagSupport.
Which are true about the findAncestorWithClass method in
the TagSupport class? (Choose all that apply.)

□ A. It requires one parameter: A Class.

☑ B. It is a static method in the TagSupport class.

□ C. It is a non-static method in the TagSupport class.
      -Option C is invalid because the
      method is static.

☑ D. It is NOT defined by any of the standard JSP tag
      interfaces.

☑ E. It requires two parameters: A Tag and a Class.

□ F. It requires one parameter: A String representing the
      name of the tag to be found.
      -Options A and F are invalid because
      the method takes two parameters.

□ G. It requires two parameters: A Tag and a String,
      representing the name of the tag to be found.
      -Option G is invalid because of the second argument.

Which must be true if you want to use dynamic attributes for
a Simple tag handler? (Choose all that apply.)


□ A. Your Simple tag must NOT declare any static
      tag attributes.
      -Option A is invalid because you
      can have both static and dynamic
      attributes in a Simple tag.

☑ B. Your Simple tag must use the <dynamic-attributes>
      element in the TLD.

☑ C. Your Simple tag handler must implement the
      DynamicAttributes interface.

□ D. Your Simple tag should extend the
      DynamicSimpleTagSupport class, which
      provides default support for dynamic attributes.
      -Option D is invalid because there is
      no such helper class in the built-in APIs.

□ E. Your Simple tag CANNOT be used with the
      jsp:attribute standard action, because this
      action works only with static attributes.
      -Option E is invalid because you are
      able to use the jsp:attribute action
      dynamically.
Which is true about tag files? (Choose all that apply.)

□ A. A tag file may be placed in any subdirectory of WEB-INF.
      -Option A is invalid because tag files must
      be placed under the WEB-INF/tags directory.

☑ B. A tag file must have the file extension of .tag or .tagx.

□ C. A TLD file must be used to map the symbolic
      tag name to the actual tag file.
      -Option C is invalid because tag files may be
      discovered by the Container in several well-known
      locations. This Container feature is optional.

□ D. A tag file may NOT be placed in a JAR file in the
      WEB-INF/lib directory.


Given:

10. public class BufTag extends BodyTagSupport {
11.   public int doStartTag() throws JspException {
12.     // insert code here
13.   }
14. }


Assume that the tag has been properly configured to allow body content.


Which, if inserted at line 12, would cause the JSP code
<mytags:mytag>BodyContent</mytags:mytag> to output
BodyContent?

□ A. return SKIP_BODY;
      -Option A is invalid because it causes the
      body of the tag to be skipped.

☑ B. return EVAL_BODY_INCLUDE;

□ C. return EVAL_BODY_BUFFERED;
      -Option C is invalid because it directs the body of
      the tag to a buffer which this tag does not process.

□ D. return BODY_CONTENT;
Which about doAfterBody() is true? (Choose all that apply.)


□ A. doAfterBody() is only called on tags
      that extend TagSupport.
      -Option A is invalid because doAfterBody()
      can be called on any tag that implements the
      IterationTag interface.

□ B. doAfterBody() is only called on tags
      that extend IterationTagSupport.
      -Option B is invalid because there is
      no such class.

□ C. Assuming no exceptions occur, doAfterBody()
      is always called after doStartTag() for any tag
      that implements IterationTag.

□ D. Assuming no exceptions occur, doAfterBody() is
      called after doStartTag() for any tag that implements
      IterationTag and returns SKIP_BODY from doStartTag().

☑ E. Assuming no exceptions occur, doAfterBody() is called after
      doStartTag() for any tag that implements IterationTag and
      returns EVAL_BODY_INCLUDE from doStartTag().

      -Options C and D are invalid
      because doAfterBody() is
      called when doStartTag() returns
      EVAL_BODY_INCLUDE.


11  Given a JSP page:    (JSP v2.0 API)


1. <%@ taglib prefix="my" uri="/WEB-INF/myTags.tld" %>
2. <my:tag1>
3.   <%-- JSP content --%>
4. </my:tag1>


The tag handler for my:tag1 is Tag1Handler and extends TagSupport.

What happens when the instance of Tag1Handler calls the getParent
method? (Choose all that apply.)


□ A. A JspException is thrown.

☑ B. The null value is returned.
      -Option B is the correct answer. The
      getParent method does not throw any
      exceptions.

□ C. A NullPointerException is thrown.

□ D. An IllegalStateException is thrown.
Which is true about the lifecycle of a Simple tag?
(Choose all that apply.)


□ A. The release method is called after the doTag method.
      -Option A is invalid because a
      Simple tag has no release method.

□ B. The setJspBody method is always called before the
      doTag method.
      -Option B is invalid because the
      setJspBody is NOT called if the
      Simple tag is an empty tag.

☑ C. The setParent and setJspContext methods are called
      immediately before the tag attributes are set.

□ D. The JspFragment of the tag body is invoked by the Container
      before the tag handler's doTag method is called. This value, a
      BodyContent object, is passed to the tag handler using the
      setJspBody method.
      -Option D is invalid because
      the fragment is invoked by the
      doTag implementation, NOT
      before the doTag is called.


Given:

10. public class ExampleTag extends TagSupport {
11.   private String param;
12.   public void setParam(String p) { param = p; }
13.   public int doStartTag() throws JspException {
14.     // insert code here
15.     // more code here
16.   }
17. }

Which, inserted at line 14, would be guaranteed to assign the value of the request-scoped attribute
param to the local variable p? (Choose all that apply.)


□ A. String p = findAttribute("param");
      -Option A is invalid because there
      is no such method.

□ B. String p = request.getAttribute("param");
      -Option B is invalid because there is
      no request instance variable.

□ C. String p = pageContext.findAttribute("param");
      -Option C is invalid because an
      attribute in page scope would be
      found before checking request scope.

□ D. String p = getPageContext().findAttribute("param");
      -Option D is invalid because
      there is no getPageContext()
      method.

☑ E. String p = (String) pageContext.getRequest().getAttribute("param");
Which are valid method calls on a PageContext object? (JSP v2.0)
(Choose all that apply.)

□ A. getAttributeNames()
☑ B. getAttribute("key")
☑ C. findAttribute("key")
□ D. getSessionAttribute()
☑ E. getAttributesScope("key")
□ F. findAttribute("key", PageContext.SESSION_SCOPE)
☑ G. getAttribute("key", PageContext.SESSION_SCOPE)

-Options A and D are invalid because there are no methods with these names.
-Option F is invalid because this method does not have a scope parameter.


Which is the most efficient JspContext method to call to access an attribute that is known to be in application scope? (JSP v2.0)

□ A. getPageContext()
-Option A is invalid because there is no such method.

□ B. getAttribute(String)
-Option B is invalid because this method only looks in page scope.

□ C. findAttribute(String)
-Option C would be less efficient than Option D because it first checks the other three scopes.

☑ D. getAttribute(String, int)

□ E. getAttributesScope("key")
-Option E is invalid because no such method exists.

□ F. getAttributeNamesInScope(int)
-Option F is invalid because it would be only the first step in a process that would be much less efficient than Option D.
What is the best strategy, when implementing a custom tag, for finding the value of an attribute whose scope is unknown? (JSP v2.0)

□ A. Check all scopes with a single pageContext.getAttribute(String) call.
-Option A is invalid because this method only checks the page scope.

☑ B. Check all scopes with a single pageContext.findAttribute(String) call.

□ C. Check each scope with calls to pageContext.getAttribute(String, int).

□ D. Call pageContext.getRequest().getAttribute(String), then call pageContext.getSession().getAttribute(String), and so on.

□ E. None of these will work.

-Options C and D are invalid because they are less efficient than simply calling findAttribute().



Given a tag, simpleTag, whose handler is implemented using the Simple tag model and a tag, complexTag, whose handler is implemented using the Classic tag model. Both tags are declared to be non-empty and non-tag dependent in the TLD.

Which JSP code snippets are valid uses of these tags? (Choose all that apply.) (JSP v2.0)

☑ A. <my:simpleTag>
       <my:complexTag />
     </my:simpleTag>
-Option A is correct; a Simple tag may include a Complex tag in the body as long as that tag contains no scripting code.

□ B. <my:simpleTag>
       <%= displayText %>
     </my:simpleTag>
-Option B is invalid because simple tags cannot have a body that includes a JSP expression tag.

☑ C. <my:simpleTag>
       <%@ include file="/WEB-INF/web/common/headerMenu.html" %>
     </my:simpleTag>
-Option C is correct because the include directive is processed before the body of the simpleTag is converted into a JspFragment; however, the included content must also be non-scripting (which is why this example includes an HTML segment).

□ D. <my:simpleTag>
       <my:complexTag>
         <% i++; %>
       </my:complexTag>
     </my:simpleTag>
-Option D is not invalid because of the complexTag usage (as in Option A), but because the complexTag body has scripting code in it.
Which are true about the Tag File model? (Choose all that apply.) (JSP v2.0)

□ A. Each tag file must have a corresponding entry in a TLD file.

□ B. All directives allowed in JSP pages are allowed in Tag Files.
-Option B is invalid because the page directive is not available in Tag Files.

□ C. All directives allowed in Tag Files are allowed in JSP pages.
-Option C is invalid because the tag, attribute, and variable directives are not available in JSP pages.

☑ D. The <jsp:doBody> standard action can only be used in Tag Files.

☑ E. The allowable file extensions for Tag Files are .tag and .tagx.

☑ F. For each attribute declared and specified in a Tag File, the container creates a page-scoped attribute with the same name.
Which are valid in tag files? (Choose all that apply.) (JSP v2.0)

☑ A. <jsp:doBody />

☑ B. <jsp:invoke fragment="frag" />

□ C. <%@ page import="java.util.Date" %>
-Option C is invalid because the page directive is not valid in tag files.

☑ D. <%@ variable name-given="date"
        variable-class="java.util.Date" %>

□ E. <%@ attribute name="name" value="blank"
        type="java.lang.String" %>
-Option E is invalid because there is no value attribute defined for the attribute directive.


Which returns the enclosing tag when called from within a tag handler class? (JSP v2.0)
(Choose all that apply.)

☑ A. getParent()

□ B. getAncestor()

□ C. findAncestor()

□ D. getEnclosingTag()

-Option A is correct; it is the only one of the methods shown that exists.
Given a web application structure:

/WEB-INF/tags/mytags/tag1.tag
/WEB-INF/tags/tag2.tag
/WEB-INF/tag3.tag
/tag4.tag

Which tags could be used by an appropriate taglib directive? (JSP v2.0)
(Choose all that apply.)

☑ A. tag1.tag
☑ B. tag2.tag
□ C. tag3.tag
□ D. tag4.tag

-Options C and D are invalid because tag files must be placed under the /WEB-INF/tags directory or a subdirectory of /WEB-INF/tags.


A web application includes many forms for users to fill out and submit. Nothing in the pages indicates that a field is required. Business decided that a red asterisk should be placed preceding the text labels of required fields, but the project manager is contending that the background color of required fields be light blue, and another department is demanding that the project's application be consistent with their own, where the text of the labels be bold for required fields.

Considering the different perspectives on how required fields could be identified in pages, choose the most maintainable usage of a custom tag.

□ A. <cust:requiredIcon/>First Name: <input type="text" name="firstName"/>
-Option A would work if you knew that the required fields would always be marked with a preceding symbol and the only potential change would be the identifier used. Even still, it would be just as simple to use an img tag and swap out a ...

☑ B. <cust:textField label="First Name" required="true"/>
-Option B is the most flexible solution. Your custom tag is given full control for constructing the label and text field and how they should be displayed.

□ C. <cust:requiredField color="red" symbol="*" label="First Name"/>
-Option C: specifying a color and symbol in the tag is an unsatisfactory solution, as a change to either of these values would require you to update the values of every tag in every JSP.

□ D. <cust:required>
       First Name: <input type="text" name="firstName"/>
     </cust:required>
-Option D: it would be possible to do things this way, but your class implementing the tag would have to parse the body and manipulate it, creating a maintenance nightmare.
Deploying your web app

I'm proud of you, father! Your deployment descriptor looks perfect—you've configured error pages, welcome files, servlet mappings... but I'm not sure our clients will appreciate the subtle irony of your ".die" and ".kickass" extensions.

Finally, your web app is ready for prime time. Your pages are polished, your code is tested and tuned, and your deadline was two weeks ago. But where does everything go? So many directories, so many rules. What do you name your directories? What does the client think they're named? What does the client actually request, and how does the Container know where to look? How do you make certain that you don't accidentally leave out a directory when you move the whole web app to a different machine? What happens if the client requests a directory instead of a specific file? How do you configure the DD for error pages, welcome files, and MIME types? It's not as bad as it sounds.
Official Sun exam objectives

Web Application Deployment

2.1 Construct the file and directory structure of a web application that may contain (a) static content, (b) JSP pages, (c) servlet classes, (d) the deployment descriptor, (e) tag libraries, (f) JAR files, and (g) Java class files. Describe how to protect resource files from HTTP access.

Coverage Notes: This objective has been covered throughout the book in other chapters, so most of the content in this chapter related to this objective is either for review or to look at something in a little more detail.

2.2 Describe the purpose and semantics for each of the following deployment descriptor elements: error-page, init-param, mime-mapping, servlet, servlet-class, servlet-mapping, servlet-name, and welcome-file.

2.3 Construct the correct structure for each of the following deployment descriptor elements: error-page, init-param, mime-mapping, servlet, servlet-class, servlet-name, and welcome-file.

Coverage Notes: Objectives 2.2 and 2.3 focus mainly on picky XML tag details related to the Deployment Descriptor. While this is probably the least fun part of the book (and the exam), most of this content is easy to understand and it's just a matter of memorizing the tags.

There is one tricky part, though, and we'll spend most of our time on it—servlet mapping.

2.4 Explain the purpose of a WAR file and describe the contents of a WAR file and how one may be constructed.

6.3 Write a JSP Document (XML-based syntax) that uses the correct syntax.

Coverage Notes: We decided to stick this objective into this chapter for two reasons: 1) most of this chapter has to do with XML, and 2) we didn't want to add anything else into the JSP chapters. We decided it was better for you to concentrate more on the syntax and behavior of all the other parts of JSP, rather than also worrying about the XML versions of everything. But now that you're, you know, an expert, we figure you can handle it.
The Joy of Deployment

We've covered most of the fun stuff, but now it's time for a more detailed look at deployment.

In this chapter, you need to think about three main issues:

(1) Where do YOU put things in the web app?

Where do you put static resources? JSP pages? Servlet class files? JavaBean class files? Listener class files? Tag Files? Tag handler classes? TLDs? JAR files? The web.xml DD? Where do you put things that you don't want the Container to serve? (In other words, which parts of the web app are protected from direct client access?) Where do you put "welcome" files?

(2) Where will the CONTAINER look for things in the web app?

Where will the Container look when the client requests an HTML page? A JSP page? A servlet? Something that doesn't exist as an actual file (like BeerTest.do)? Where will the Container look for tag handler classes? Where will the Container look for TLDs? Tag Files? JAR files? The Deployment Descriptor? Other classes my servlets depend on? Where does the Container look for "welcome" files? (Obviously, once you know all of this, then everything in number 1 becomes a no-brainer.)

(3) How does the CLIENT request things in the web app?

What does the client type into the browser to access an HTML page? A JSP page? A servlet? Something that doesn't actually exist as a file? In which places can the client make a direct request and in which places is the client restricted from direct access to a resource? What happens if the client types in a path to only a directory, not a specific file?
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where to put js 


What goes where in a web app

In several chapters of this book, we've looked at the locations in which the various files must be placed. In the chapter on custom tags, for example, you saw that Tag Files must be deployed in /WEB-INF/tags or a subdirectory, or in a JAR file under /META-INF/tags or a subdirectory. If you put a Tag File anywhere else, the Container will either ignore it or treat it as static content ready to be served.

The Servlet and JSP specs have a lot of picky rules about where things go, and you really do need to know most of them. Since we've already covered most of this in one way or another, we use these first few pages as a test of your memory and understanding. Don't skip it! Treat these next few pages as practice exam questions!

there are no Dumb Questions

Q: Why should I have to know where everything goes... isn't that what deployment tools are for? Or even an ANT build script?

A: If you're lucky, you're using a J2EE deployment tool that lets you point and click your way through a series of wizard screens. Then your Container uses that info to build the XML Deployment Descriptor (web.xml), build out the necessary directory structures, and copy your files into the appropriate locations. But even if you are lucky, don't you think you need to know what the tool is doing? You might need to tweak what the tool does. You might need to troubleshoot. You might switch to a different vendor that doesn't have an automated deployment tool.

A lot of developers use a build tool like ANT, but even then, you still need to tell ANT what to do.

Q: But I just got an ANT build script off the Internet, and it's already configured to do it all for me.

A: Again, that's great—but you still need to know what's really happening.

If you're completely at the mercy of your tool, you're in trouble if something goes wrong. Knowing how to structure a web app is like knowing how to change a tire—maybe you'll never need to do it yourself, but if it's 3:00 AM and you're in the middle of nowhere, isn't it nice to know you can?

And for those of you taking the exam, well, you don't have a choice. Virtually everything in this chapter is covered on the exam.
Sharpen your pencil

Name the directories

Write the correct directory names in, given the files shown within those directories. Everything in here has been covered in an earlier chapter, but don't worry if you haven't completely memorized them all yet. This is the chapter where you have to burn it in.

[Figure: a directory tree under webapps/MyTestApp with the directory names left blank. Files shown: useTag.jsp, NavBar.tag, web.xml, foo.MyTagHandler.class, bar.MyHandler.class, catalogTags.tld.]
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exercise on deployment 



Draw the directory and file structure

Look at the following web app description and draw a directory structure that supports that web app. Be sure to include the files too. There may be more than one way to structure this; we recommend using the simplest (i.e. least number of directories) to organize it.

Application name: Dating
Static content and JSPs: welcome.html, signup.jsp, search.jsp
Servlets: dating.Enroll.class, dating.Search.class
Custom tag handler class: tagClasses.TagOne.class
TLD: DatingTags.tld
JavaBeans: dating.Client.class
DD: web.xml
Support JAR files: DatingJar.jar
BE the Container

What's wrong with this deployment? There are several things here that do not follow the Servlet or JSP Specification for where they should be placed. Assume that all files have the correct names and extensions.

List everything that's wrong with this picture.

[Figure: a directory tree under webapps/MyTestApp. Names shown: WEB-INF, classes, NavBar.tag, Header.tag, foo.AdvisorTagHandler.class, useTag.jsp, web.xml, catalogTags.tld, foo.html.]
Name the directories

To deploy a web app successfully, you MUST follow this structure. "WEB-INF" must be immediately under the application context ("MyTestApp" in this example). The "classes" directory must be immediately inside "WEB-INF". The package structure for the classes must be immediately inside "classes". The "lib" directory must be immediately inside "WEB-INF" and the JAR file must be immediately inside "lib". The "META-INF" directory must be immediately inside the JAR, and TLD files in a JAR must be somewhere under "META-INF" (they can be in any subdirectory, and "TLDs" is not required as a directory name). TLDs that are NOT in a JAR must be somewhere under "WEB-INF". Tag Files (files with a .tag or .tagx extension) must be somewhere under "WEB-INF/tags" (unless they're deployed in a JAR, in which case they must be somewhere under "META-INF/tags").

[Figure: the MyTestApp directory tree with the directory names filled in. Directories shown: WEB-INF, tags, classes, lib, foo, bar, META-INF. Files shown: NavBar.tag, web.xml, bar.MyHandler.class, foo.MyTagHandler.class, catalogTags.tld. One annotation reads: static content and JSPs can be at the web app root level or in a subdirectory, including under WEB-INF, although that affects their accessibility, as you'll see later.]
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web app deployment 


Sharpen your pencil: Draw the directory and file structure

ANSWERS

The only things that could be different in this picture are 1) the static content and JSPs could be in a subdirectory under "Dating", or hidden under "WEB-INF", and 2) the DatingTags.tld could be in a subdirectory of WEB-INF.

Application name: Dating

Static content and JSPs: welcome.html, signup.jsp, search.jsp
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exercise on directories and Hies 


BE the Container

Answers

Several things are wrong with this picture.

[Figure: the webapps/MyTestApp directory tree from the exercise, annotated. Names shown: useTag.jsp, NavBar.tag, foo.html, WEB-INF, web.xml, Header.tag, classes, lib, catalogTags.tld, foo.AdvisorTagHandler.class. Recoverable annotations:]

- WRONG! Tag Files (.tag) must be somewhere under "WEB-INF/tags".
- OK (although accessible only by other parts of the web app; no direct access by clients).
- The "classes" directory must be under "WEB-INF".
- The "lib" directory is in the right place (under "WEB-INF").
- WRONG! web.xml must be inside "WEB-INF".
- Tag Files (.tag) must be somewhere under "WEB-INF/tags".
- OK ... the "classes" directory is moved out of "lib" and placed directly under "WEB-INF".
Oh, if only there were a way to deploy my entire web app in a JAR, so that I could move it as a single file instead of this huge pile of files and directories and...

What she really wants is a WAR file

The directory structure of a web app is intense. And everything has to be in exactly the right place. Moving a web app can hurt.

But there's a solution, called a WAR file, which stands for Web ARchive. And if that sounds suspiciously like a JAR file (Java ARchive), that's because a WAR is a JAR. A JAR with a .war extension instead of .jar.
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WAR files 


A WAR file is simply a snapshot of your web app structure, in a nice portable, compressed form (it's really just a JAR file). You jar up your entire web app structure (minus the web app context directory, the one that's above WEB-INF), and give it a .war extension. But that does leave one problem: if you don't include the specific web app directory (BeerApp, for example), how does the Container know the name/context of this web app?

That depends on your Container. In Tomcat, the name of the WAR file becomes the web app name! Imagine you deploy BeerApp as a normal directory structure under tomcat/webapps/BeerApp. To deploy it as a WAR file, you jar up everything in the BeerApp directory (but not the BeerApp directory itself), then name the resulting JAR file BeerApp.war. Then you drop the BeerApp.war file into the tomcat/webapps directory. That's it. Tomcat unpacks the WAR file, and creates the web app context directory using the name of the WAR file. But again, your Container may handle WAR deployment and naming differently. What matters to us here is what's required by the spec, and the answer is: it makes almost no difference whether the app is deployed in or out of a WAR! In other words, you still need WEB-INF, web.xml, etc. Everything on the previous pages applies.

Almost everything. There is one thing you can do when you use a WAR file that you can't do when you deploy without one: declare library dependencies.

In a WAR file, you can declare library dependencies in the META-INF/MANIFEST.MF file, which gives you a deploy-time check for whether the Container can find the packages and classes your app depends on. That means you don't have to wait until a resource is requested before the whole thing blows up because the Container doesn't have a particular class in its classpath that the requested resource needs.

Don't be fooled by questions about WAR files... the rules don't change.

Quick quiz: do you still need a file named "web.xml" if you deploy as a WAR? Of course. Do you still need a "WEB-INF" directory if you deploy as a WAR? Of course. Do you still need to put classes in a "classes" directory under "WEB-INF"? Of course. You get the idea: the rules don't change just because you put your app in a WAR. The only significant difference is that a WAR file will have a "META-INF" directory under the web app context (a peer to the "WEB-INF" directory).
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web app 


What a deployed WAR file looks like

When you deploy a web app into Tomcat by putting the WAR file into the webapps directory, Tomcat unpacks it, creates the context directory (MyTestApp in this example), and the only new thing you'll see is the META-INF directory (with the MANIFEST.MF file inside). You will probably never put anything into the META-INF directory yourself, so you'll probably never care whether your app is deployed as a WAR unless you do need to specify library dependencies in the MANIFEST.MF file.

[Figure: the MyTestApp directory tree after the WAR is unpacked. Names shown: META-INF, web.xml, foo, bar, NavBar.tag, foo.MyTagHandler.class, bar.MyHandler.class, catalogTags.tld. The annotation points out that the only new thing when the web app is deployed as a WAR is the META-INF directory (with the MANIFEST.MF file inside).]
directly accessible locations

Making static content and JSPs directly accessible

When you deploy static HTML and JSPs, you can choose whether to make them directly accessible from outside the web app. By directly accessible, we mean that a client can enter the path to the resource into his browser, and the server will return the resource. But you can prevent direct access by putting files under WEB-INF or, if you're deploying as a WAR file, under META-INF.

Valid request:

http://www.wickedlysmart.com/MyTestApp/register/signUp.jsp

Invalid request (produces "404 Not Found" error):

http://www.wickedlysmart.com/MyTestApp/WEB-INF/process.jsp

[Figure: the MyTestApp directory tree. Names shown: META-INF (MANIFEST.MF, verify.jsp), register (signUp.jsp), welcome.html, WEB-INF (process.jsp, web.xml). The files outside META-INF and WEB-INF are labeled as content that's directly accessible; the files under META-INF and WEB-INF are labeled as content the server will not serve directly.]

If the server gets a client request for anything under WEB-INF or META-INF, the Container MUST respond with a 404 NOT FOUND error!
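The placement rules from "Name the directories" and the access rule above can be checked mechanically. The following Java sketch is an added example, not code from the book: the class name, the messages, and the sample listing are constructed for illustration, and it only looks at files deployed directly in the web app (not at entries inside JARs).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class WebAppLayoutAudit {

    /** One audited entry: can a client request it directly, and is it misplaced? */
    static final class Finding {
        final String path;
        final boolean directlyAccessible;
        final String problem; // null when the placement follows the rules

        Finding(String path, boolean directlyAccessible, String problem) {
            this.path = path;
            this.directlyAccessible = directlyAccessible;
            this.problem = problem;
        }
    }

    static boolean under(String path, String dir) {
        return path.startsWith(dir + "/");
    }

    /** Checks one path, given relative to the web app context directory. */
    static Finding check(String path) {
        // The Container must answer 404 for anything under WEB-INF or META-INF.
        boolean hidden = under(path, "WEB-INF") || under(path, "META-INF");
        String name = path.substring(path.lastIndexOf('/') + 1);
        String problem = null;

        if (name.equals("web.xml")) {
            if (!path.equals("WEB-INF/web.xml")) problem = "the DD must be WEB-INF/web.xml";
        } else if (name.endsWith(".tag") || name.endsWith(".tagx")) {
            if (!under(path, "WEB-INF/tags")) problem = "Tag Files go under WEB-INF/tags";
        } else if (name.endsWith(".class")) {
            if (!under(path, "WEB-INF/classes")) problem = "classes go under WEB-INF/classes";
        } else if (name.endsWith(".jar")) {
            if (!path.equals("WEB-INF/lib/" + name)) problem = "JARs go immediately inside WEB-INF/lib";
        } else if (name.endsWith(".tld")) {
            if (!under(path, "WEB-INF")) problem = "TLDs outside a JAR go under WEB-INF";
        }
        return new Finding(path, !hidden, problem);
    }

    static List<Finding> audit(List<String> paths) {
        List<Finding> findings = new ArrayList<>();
        for (String p : paths) {
            findings.add(check(p));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed listing for illustration (file entries of a hypothetical web app).
        List<String> listing = Arrays.asList(
            "welcome.html",
            "register/signUp.jsp",
            "WEB-INF/process.jsp",
            "WEB-INF/web.xml",
            "WEB-INF/tags/NavBar.tag",
            "Header.tag",                                    // misplaced and client-reachable
            "WEB-INF/classes/foo/MyTagHandler.class",
            "WEB-INF/lib/classes/foo/AdvisorTagHandler.class", // misplaced, but still hidden
            "WEB-INF/lib/DatingJar.jar",
            "WEB-INF/catalogTags.tld",
            "META-INF/MANIFEST.MF");

        for (Finding f : audit(listing)) {
            String access = f.directlyAccessible ? "client-reachable" : "404 to clients";
            String status = (f.problem == null) ? "ok" : "MISPLACED: " + f.problem;
            System.out.printf("%-50s %-17s %s%n", f.path, access, status);
        }
    }
}
```

The entries worth a second look are the ones that are both misplaced and client-reachable, such as Header.tag here: a Tag File outside WEB-INF/tags may be treated as static content and served as-is.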
there are no Dumb Questions

Q: If you can't serve content from WEB-INF or META-INF, what's the point of putting pages there??!!

A: Think about that. You have Java classes and class members with package-level (default) access, right? These are classes and members not available to the "public", but meant for internal use by other classes and members that are publicly exposed. It's the same way for these non-accessible static content and JSPs. By putting them under WEB-INF (or, with a WAR file, META-INF), you're protecting them from any direct access, while still allowing other parts of the web app to use them.

You might, for example, want to forward to or include a file while making sure that no client can directly request it. Chances are, if you want to protect a resource from direct access, you'll use WEB-INF and not META-INF, but for the exam, you have to know that the rules apply to both.

Q: What about a META-INF directory inside a JAR file inside WEB-INF/lib? Does that have the same protection as META-INF inside the WAR file?

A: Well... yes. But the fact that the content is in META-INF is not the point. In this case, you're talking about a JAR file inside the lib directory inside WEB-INF. And anything in WEB-INF is protected from direct access! So, it doesn't matter where under WEB-INF the content is, it's still protected. When we say that META-INF is protected, we're really talking about META-INF inside a WAR file, because the META-INF inside WEB-INF/lib JAR files is always protected anyway by virtue of being under WEB-INF.

Q: On an earlier page you mentioned putting library dependencies in the META-INF/MANIFEST.MF file. Are you required to do that? Isn't everything in the WEB-INF/lib jar files and the WEB-INF/classes directory automatically on the classpath for this application?

A: Yes, classes you deploy in/with the web app, by using the WEB-INF/classes directory or a JAR in WEB-INF/lib, are available and you don't have to do or say anything. They just work. But... you might have a Container with optional packages on its classpath, and maybe you're depending on some of those packages. Or maybe you're depending on a particular version of a library! The MANIFEST.MF file gives you a place to tell the Container about the optional libraries you must have access to. If the Container can't provide them, it won't let you successfully deploy the application. Which is a lot better than if you deploy and then find out later, at request time, when you get some horrible (or worse—subtle) runtime error.

Q: How does the Container access the content inside JAR files in WEB-INF/lib?

A: The Container automatically puts the JAR file into its classpath, so classes for servlets, listeners, beans, etc. are available exactly as they are if you put the classes (in their correct package directory structure, of course) within the WEB-INF/classes directory. In other words, it doesn't matter whether the classes are in or out of a JAR as long as they're in the right locations.

Keep in mind, though, that the Container will always look for classes in the WEB-INF/classes directory before it looks inside JAR files in WEB-INF/lib.

Q: OK, that explains class files, but what about other kinds of files? What if I need to access a text file that's deployed in a JAR in WEB-INF/lib?

A: This is different. If your web app code needs direct access to a resource (text file, JPEG, etc.) that's inside a JAR, you need to use the getResource() or getResourceAsStream() methods of the classloader—this is just plain old J2SE, not specific to servlets.

Now, you might recognize those two methods (getResource() and getResourceAsStream()), because they exist also in the ServletContext API. The difference is, the methods inside ServletContext work only for resources within the web app that are not deployed within a JAR file. (For the exam, you need to know that you can use the standard J2SE mechanism for getting resources from JAR files, but you do not need to know any details.)
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servlet mapping 


How servlet mapping REALLY works

You've seen examples of servlet mapping in the Deployment Descriptors we've used in earlier chapters, beginning with the tutorial.

Every servlet mapping has two parts: the <servlet> element and the <servlet-mapping> element. The <servlet> defines a servlet name and class, and the <servlet-mapping> defines the URL pattern that maps to a servlet name defined somewhere else in the DD.

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

  <servlet>
    <servlet-name>Beer</servlet-name>
    <servlet-class>com.example.BeerSelect</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Beer</servlet-name>
    <url-pattern>/Beer/SelectBeer.do</url-pattern>
  </servlet-mapping>

</web-app>

The Container, reading web.xml:

If the client request comes in for "/Beer/SelectBeer.do", that refers to the servlet named "Beer".

And I see that there is a <servlet> with that <servlet-name>, "Beer", and it tells me which servlet class will handle this request.
But I don't see a directory named "Beer" and there's no file named "SelectBeer.do".

http://www.wickedlysmart.com/AdviceApp/Beer/SelectBeer.do

[Figure: two directory trees side by side. The ACTUAL (physical) directory structure shows webapps, AdviceApp, WEB-INF, web.xml, classes, example, and BeerSelect.class. The VIRTUAL (logical) directory structure shows SelectBeer.do, which does not exist as a file.]

virtual vs. logical 


Servlet mappings can be "fake"

The URL pattern you put into a servlet mapping can be completely made-up. Imaginary. Fake. Just a logical name you want to give clients. Clients who have no business knowing anything about the real physical structure of your web app.

With servlet mappings, you have two structures to organize: the real physical directory and file structure in which your web app resources live, and the virtual/logical structure.

The THREE types of <url-pattern> elements

(1) EXACT match

<url-pattern>/Beer/SelectBeer.do</url-pattern>

(2) DIRECTORY match

<url-pattern>/Beer/*</url-pattern>

Begins with a slash (/) and ends with a slash/asterisk (/*). Can be a virtual OR real directory.

(3) EXTENSION match

<url-pattern>*.do</url-pattern>

MUST begin with an asterisk (*) (NEVER with a slash). After the asterisk, it MUST have a dot extension (.do, .jsp, etc.).

The virtual/logical structure exists simply because you SAY it exists!

The URL patterns in the DD don't map to anything except other <servlet-name> elements in the DD.

The <servlet-name> elements are the key to servlet mapping: they match a request <url-pattern> to an actual servlet class.

Key point: clients request servlets by <url-pattern>, NOT by <servlet-name> or <servlet-class>!

BE the Container

Which servlet will the Container choose given the DD servlet mappings and the client requests shown? You'll have questions like this on the real exam!

Key rules about servlet mappings

1) The Container looks for matches in the order shown on the opposite page. In other words, it looks first for an exact match. If it can't find an exact match, it looks for a directory match. If it can't find a directory match, it looks for an extension match.

2) If a request matches more than one directory <url-pattern>, the Container chooses the longest mapping. In other words, a request for /foo/bar/myStuff.do will map to the <url-pattern> /foo/bar/* even though it also matches the <url-pattern> /foo/*. The most specific match always wins.

Mappings:

    <servlet>
        <servlet-name>One</servlet-name>
        <servlet-class>foo.DeployTestOne</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>One</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Two</servlet-name>
        <servlet-class>foo.DeployTestTwo</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Two</servlet-name>
        <url-pattern>/fooStuff/bar</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Three</servlet-name>
        <servlet-class>foo.DeployTestThree</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Three</servlet-name>
        <url-pattern>/fooStuff/*</url-pattern>
    </servlet-mapping>

Requests:

http://localhost:8080/MapTest/blue.do
Container choice:

http://localhost:8080/MapTest/fooStuff/bar
Container choice:

http://localhost:8080/MapTest/fooStuff/bar/blue.do
Container choice:

http://localhost:8080/MapTest/fooStuff/blue.do
Container choice:

http://localhost:8080/MapTest/fred/blue.do
Container choice:

http://localhost:8080/MapTest/fooStuff
Container choice:

http://localhost:8080/MapTest/fooStuff/bar/foo.fo
Container choice:

http://localhost:8080/MapTest/fred/blue.fo
Container choice:

BE the Container

Answers

Mappings:

    <servlet>
        <servlet-name>One</servlet-name>
        <servlet-class>foo.DeployTestOne</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>One</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Two</servlet-name>
        <servlet-class>foo.DeployTestTwo</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Two</servlet-name>
        <url-pattern>/fooStuff/bar</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Three</servlet-name>
        <servlet-class>foo.DeployTestThree</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Three</servlet-name>
        <url-pattern>/fooStuff/*</url-pattern>
    </servlet-mapping>

Answers to the exercise on the opposite page:
1) DeployTestFour  2) DeployTestTwo

Requests:

http://localhost:8080/MapTest/blue.do
Container choice: DeployTestOne
(matched the *.do extension pattern)

http://localhost:8080/MapTest/fooStuff/bar
Container choice: DeployTestTwo
(exact match with /fooStuff/bar pattern)

http://localhost:8080/MapTest/fooStuff/bar/blue.do
Container choice: DeployTestThree
(matched the /fooStuff/* directory pattern)

http://localhost:8080/MapTest/fooStuff/blue.do
Container choice: DeployTestThree
(matched /fooStuff/* directory pattern)

http://localhost:8080/MapTest/fred/blue.do
Container choice: DeployTestOne
(matched the *.do extension pattern)

http://localhost:8080/MapTest/fooStuff
Container choice: DeployTestThree
(matched the /fooStuff/* directory pattern)

http://localhost:8080/MapTest/fooStuff/bar/foo.fo
Container choice: DeployTestThree
(matched the /fooStuff/* directory pattern)

http://localhost:8080/MapTest/fred/blue.fo
Container choice: 404 NOT FOUND
(doesn't match ANYTHING)

Subtle issues...

Just to make sure you understand servlet mappings, here's one more little example. Don't skim; look closely at both the mapping and the requests. In this mini "Be the Container", the answers are at the bottom of the opposite page, so don't peek.

BE the Container

Which Servlet will the Container choose?

Mappings in the DD

    <servlet>
        <servlet-name>Two</servlet-name>
        <servlet-class>foo.DeployTestTwo</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Two</servlet-name>
        <url-pattern>/fooStuff/bar</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Four</servlet-name>
        <servlet-class>foo.DeployTestFour</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>Four</servlet-name>
        <url-pattern>/fooStuff/bar/*</url-pattern>
    </servlet-mapping>

Requests:

(1) http://localhost:8080/test/fooStuff/bar/

Container choice:

(2) http://localhost:8080/test/fooStuff/bar

Container choice:
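
The key rules about servlet mappings (exact match first, then the longest directory match, then an extension match), written out as an added example; it is not code from the book or from any Container. The class and method names are hypothetical, paths are given relative to the web app (the part after /MapTest or /test), and the default-servlet pattern "/" is left out because these pages do not cover it.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration of the three <url-pattern> rules; not Container code. */
public class MappingResolver {

    /**
     * @param mappings <url-pattern> -> <servlet-name>, as declared in the DD
     * @param appPath  request path relative to the web app, e.g. "/fooStuff/bar"
     * @return the chosen servlet name, or null when nothing matches (404)
     */
    static String resolve(Map<String, String> mappings, String appPath) {
        // Extension of the last path segment, or null when it has none.
        String last = appPath.substring(appPath.lastIndexOf('/') + 1);
        int dot = last.lastIndexOf('.');
        String ext = (dot >= 0 && dot < last.length() - 1) ? last.substring(dot + 1) : null;

        String dirChoice = null;   // servlet behind the longest matching directory pattern
        int dirLength = -1;
        String extChoice = null;   // servlet behind a matching extension pattern

        for (Map.Entry<String, String> e : mappings.entrySet()) {
            String pattern = e.getKey();
            if (pattern.startsWith("*.")) {
                // EXTENSION pattern: compare what follows "*." with the request's extension.
                if (pattern.substring(2).equals(ext)) {
                    extChoice = e.getValue();
                }
            } else if (pattern.endsWith("/*")) {
                // DIRECTORY pattern: "/fooStuff/*" covers "/fooStuff" and everything below it.
                String prefix = pattern.substring(0, pattern.length() - 2);
                boolean hit = appPath.equals(prefix) || appPath.startsWith(prefix + "/");
                if (hit && prefix.length() > dirLength) {
                    dirLength = prefix.length();
                    dirChoice = e.getValue();
                }
            } else if (pattern.equals(appPath)) {
                return e.getValue();   // rule 1: an exact match always wins
            }
        }
        // Rule 2 before rule 3: a directory match beats an extension match.
        return dirChoice != null ? dirChoice : extChoice;
    }

    static void show(Map<String, String> mappings, String... paths) {
        for (String p : paths) {
            String servlet = resolve(mappings, p);
            System.out.println(p + " -> " + (servlet != null ? servlet : "404 NOT FOUND"));
        }
    }

    public static void main(String[] args) {
        // Mappings from the first "BE the Container" exercise (context root /MapTest).
        Map<String, String> mapTest = new LinkedHashMap<>();
        mapTest.put("*.do", "One");
        mapTest.put("/fooStuff/bar", "Two");
        mapTest.put("/fooStuff/*", "Three");
        show(mapTest, "/blue.do", "/fooStuff/bar", "/fooStuff/bar/blue.do", "/fooStuff/blue.do",
                "/fred/blue.do", "/fooStuff", "/fooStuff/bar/foo.fo", "/fred/blue.fo");

        // Mappings from the "Subtle issues" exercise (context root /test).
        Map<String, String> test = new LinkedHashMap<>();
        test.put("/fooStuff/bar", "Two");
        test.put("/fooStuff/bar/*", "Four");
        show(test, "/fooStuff/bar/", "/fooStuff/bar");
    }
}
```

The output names the <servlet-name> (One, Two, Three, Four); each maps to the foo.DeployTest... class declared beside it in the DD.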

Configuring welcome files in the DD

You already know that if you type in the name of a web site and you don't specify a specific file, you (usually) still get something back. Entering http://www.oreilly.com into your browser takes you to the O'Reilly web site, and even though you didn't name a specific resource (like "home.html", for example), you still get a default page.

You can configure your server to define a default page for the entire site, but we're concerned here with default (also known as "welcome") pages for individual web apps. You configure welcome pages in the DD, and that DD determines what the Container chooses when the client enters a partial URL: a URL that includes a directory, for example, but not a specific resource in the directory.

In other words, what happens if the client request comes in for:

    http://www.wickedlysmart.com/foo/bar     ("bar" is just a directory)

and "bar" is simply a directory, and you don't have a specific servlet mapped to this URL pattern. What will the client see?

In the DD:

    <web-app ...>
        <welcome-file-list>
            <welcome-file>index.html</welcome-file>
            <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
    </web-app>

(They do NOT start or end with a slash.)

Imagine you have a web app where several different directories have their own default HTML page, named "index.html". But some directories use a "default.jsp" instead. It would be a huge pain if you had to specify a specific default page or JSP for each directory that needs one. Instead, you specify a list, in order, of the pages you want the Container to look for in whatever directory the partial request is for. In other words, no matter which directory is requested, the Container always looks through the same list: the one and only <welcome-file-list>.

The Container will pick the first match it finds, starting with the first welcome file listed in the <welcome-file-list>.

Multiple welcome files go in a single DD element.

No matter how many welcome files you might list, you put them ALL into a single entry in the DD: <welcome-file-list>. It's tempting to think that each file might go in a separate <welcome-file-list> element, but that's not how it works! Each file has its own <welcome-file> element, but you put ALL of them within a single <welcome-file-list>.

The files in the <welcome-file> element do NOT start with a slash!

Don't be confused. The way in which the Container matches and chooses welcome files is not the same as the way in which it matches URL patterns. If you put the slash in front of the file name, you'll be violating the spec, and bad things will happen.

BE the Container

Which welcome files will the Container choose given the DD and the client requests shown? You can expect something like this on the exam.

The DD:

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

Directory structure:

[Figure: directory structure of the web app, including the file foo.txt.]


BE the Container

The DD:

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

Directory structure:

[Figure: directory structure of the web app, including the file foo.txt.]

Requests:

http://localhost:8080/MyTestApp/
Container choice: MyTestApp/index.html

http://localhost:8080/MyTestApp/registration/
Container choice: MyTestApp/registration/index.html

http://localhost:8080/MyTestApp/search
Container choice: MyTestApp/search/default.jsp
(If there HAD been both a default.jsp and an index.html in the "search" directory, the Container would have chosen the "index.html" file since it is listed first in the DD.)

http://localhost:8080/MyTestApp/registration/newMember/
Container choice: When no files from the <welcome-file-list> are found, the behavior is vendor-specific. Tomcat shows a directory listing for the newMember directory (which shows "foo.txt"). Another Container might show a 404 Not Found error.

How the Container chooses a welcome file

1) Client requests: http://www.wickedlysmart.com/MyTestApp/search

2) Container looks in the DD for a servlet mapping, and doesn't find a match. Next, the Container looks in the <welcome-file-list> and sees "index.html" at the top.

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

3) Container looks in the /MyTestApp/search directory for an "index.html" file, but does not find one.

4) Container looks at the next <welcome-file> in the <welcome-file-list> in the DD, and sees "default.jsp".

5) Container looks in the /MyTestApp/search directory for a "default.jsp" file, finds one, and serves its response to the client.
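
The lookup walked through above, as an added example; it is not the book's code and not how any particular Container is written. The class name and the temporary directory are hypothetical, the directory tree is constructed to mirror the exercise answers, and the path normalization and the WEB-INF/META-INF refusal are additions that keep the file lookup inside the client-accessible part of the app.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.Optional;

/** Added illustration of welcome-file selection; not Container code. */
public class WelcomeFileResolver {

    /**
     * Returns the welcome file (relative to the app root) chosen for a partial URL, or
     * empty when no listed file exists in that directory (the vendor-specific case).
     */
    static Optional<Path> resolve(Path appRoot, String partialUrl, List<String> welcomeFiles) {
        for (String name : welcomeFiles) {
            if (name.startsWith("/")) {
                throw new IllegalArgumentException("<welcome-file> must not start with a slash: " + name);
            }
        }
        Path root = appRoot.toAbsolutePath().normalize();
        // Drop leading slashes so the request resolves under the web app root.
        Path dir = root.resolve(partialUrl.replaceFirst("^/+", "")).normalize();
        // Refuse anything that escapes the app root or is not a directory.
        if (!dir.startsWith(root) || !Files.isDirectory(dir)) {
            return Optional.empty();
        }
        // WEB-INF and META-INF are not directly accessible to clients.
        Path relativeDir = root.relativize(dir);
        if (relativeDir.startsWith("WEB-INF") || relativeDir.startsWith("META-INF")) {
            return Optional.empty();
        }
        // Same list for every directory; the first file that exists wins.
        for (String name : welcomeFiles) {
            Path candidate = dir.resolve(name);
            if (Files.isRegularFile(candidate)) {
                return Optional.of(root.relativize(candidate));
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed directory tree matching the exercise answers.
        Path app = Files.createTempDirectory("MyTestApp");
        Files.createDirectories(app.resolve("registration/newMember"));
        Files.createDirectories(app.resolve("search"));
        Files.createFile(app.resolve("index.html"));
        Files.createFile(app.resolve("registration/index.html"));
        Files.createFile(app.resolve("search/default.jsp"));
        Files.createFile(app.resolve("registration/newMember/foo.txt"));

        List<String> welcome = List.of("index.html", "default.jsp");
        for (String url : List.of("/", "/registration/", "/search", "/registration/newMember/")) {
            String shown = resolve(app, url, welcome)
                    .map(Path::toString)
                    .orElse("(no welcome file found: vendor-specific behavior)");
            System.out.println(url + " -> " + shown);
        }
    }
}
```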

Configuring error pages in the DD

Sure, you want to be friendly when the user doesn't know the exact resource to ask for when they get to your site or web app, so you specify default/welcome files. But you also want to be friendly when things go wrong. We already looked at this in the chapter on Using Custom Tags, so this is just a review.

Declaring a catch-all error page

This applies to everything in your web app, not just JSPs.

    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/errorPage.jsp</location>
    </error-page>

(FYI: you can override this in individual JSPs by adding a page directive with an errorPage attribute.)

Declaring an error page for a more explicit exception

This configures an error page that's called only when there's an ArithmeticException. If you have both this declaration and the catch-all above, then any exception other than ArithmeticException will still end up at the "errorPage.jsp".

    <error-page>
        <exception-type>java.lang.ArithmeticException</exception-type>
        <location>/arithmeticError.jsp</location>
    </error-page>

Declaring an error page based on an HTTP status code

This configures an error page that's called only when the status code for the response is "404" (file not found).

    <error-page>
        <error-code>404</error-code>
        <location>/notFoundError.jsp</location>
    </error-page>

You can't use <error-code> and <exception-type> together!

You can configure an error page based on the HTTP status code OR based on the exception type thrown, but you CANNOT have both in the same <error-page> tag.

Q: What are you allowed to declare as an exception type in <exception-type>?

A: Anything that's a Throwable, so that includes java.lang.Error, runtime exceptions, and any checked exception (as long as the checked exception class is on the Container's classpath, of course).

Q: Speaking of error handling, can you programmatically generate error codes yourself?

A: Yes, you can. You can invoke the sendError() method on the HttpServletResponse, and it'll tell the Container to generate that error just as if the Container generated the error on its own. And if you've configured an error page to be sent to the client based on that error code, that's what the client will get. And by the way, "error" codes are also known as "status" codes, so if you see either one, they mean the same thing: HTTP codes for errors.

You must use the fully-qualified class name in <exception-type>!

Don't be fooled by something like this:

    <exception-type>
        IOException
    </exception-type>

You MUST use the fully-qualified class name, and any Throwable is allowed.

Q: How about an example of generating your own error code?

A: OK, here's an example:

    response.sendError(HttpServletResponse.SC_FORBIDDEN);

which is the same as:

    response.sendError(403);

If you look in the HttpServletResponse interface, you'll see a bunch of constants defined for the common HTTP error/status codes. Keep in mind that for the exam, you don't need to memorize the status codes! It's enough to simply know that you can generate error codes, that the method is response.sendError(), and that in terms of the error pages you've defined in the DD, or any other error-handling you do in your JSPs, there's no difference between Container-generated and programmer-generated HTTP errors. A 403 is a 403 regardless of WHO sends the error. Oh yeah, there's also an overloaded two-argument version of sendError() that takes an int and a String message.
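
How the <error-page> declarations above select a page, as an added example that is not the book's code or a Container's. It generalizes the two-declaration case in the text to "the closest declared type in the thrown exception's class hierarchy wins", and it shows why an <exception-type> that is not fully qualified never matches; the class name, method names and the /ioError.jsp location are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration of <error-page> selection; not Container code. */
public class ErrorPageResolver {
    private final Map<String, String> byException = new LinkedHashMap<>(); // <exception-type> -> <location>
    private final Map<Integer, String> byStatus = new LinkedHashMap<>();   // <error-code> -> <location>

    void declareException(String exceptionType, String location) {
        byException.put(exceptionType, location);
    }

    void declareStatus(int errorCode, String location) {
        byStatus.put(errorCode, location);
    }

    /** Walks up from the thrown class and returns the location of the closest declared type, or null. */
    String forThrowable(Throwable thrown) {
        for (Class<?> c = thrown.getClass(); c != null; c = c.getSuperclass()) {
            // Class.getName() is fully qualified, so a bare "IOException" entry can never match.
            String location = byException.get(c.getName());
            if (location != null) {
                return location;
            }
        }
        return null;
    }

    /** Same answer whether the Container or response.sendError() produced the status code. */
    String forStatus(int statusCode) {
        return byStatus.get(statusCode);
    }

    public static void main(String[] args) {
        ErrorPageResolver dd = new ErrorPageResolver();
        dd.declareException("java.lang.Throwable", "/errorPage.jsp");
        dd.declareException("java.lang.ArithmeticException", "/arithmeticError.jsp");
        dd.declareException("IOException", "/ioError.jsp"); // not fully qualified: the mistake the page warns about
        dd.declareStatus(404, "/notFoundError.jsp");

        System.out.println("ArithmeticException   -> " + dd.forThrowable(new ArithmeticException("/ by zero")));
        System.out.println("IllegalStateException -> " + dd.forThrowable(new IllegalStateException()));
        System.out.println("java.io.IOException   -> " + dd.forThrowable(new java.io.IOException("disk")));
        System.out.println("404 -> " + dd.forStatus(404));
        System.out.println("403 -> " + dd.forStatus(403));
    }
}
```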

Configuring servlet initialization in the DD

You already know that servlets, by default, are initialized at first request. That means the first client suffers the pain of class loading, instantiation, and initialization (setting a ServletContext, invoking listeners, etc.), before the Container can do what it normally does: allocate a thread and invoke the servlet's service() method.

If you want servlets to be loaded at deploy time (or at server restart time) rather than on first request, use the <load-on-startup> element in the DD. Any non-negative value for <load-on-startup> tells the Container to initialize the servlet when the app is deployed (or any time the server restarts).

If you have multiple servlets that you want preloaded, and you want to control the order in which they're initialized, the value of <load-on-startup> determines the order! In other words, any non-negative value means load early, but the order in which servlets are loaded is based on the value of the different <load-on-startup> elements.

In the DD

    <servlet>
        <servlet-name>KathyOne</servlet-name>
        <servlet-class>foo.DeployTestOne</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

Q: Wouldn't you ALWAYS want to do this? Shouldn't everyone just use <load-on-startup>1</load-on-startup> by default?

A: To answer that question, you ask yourself, "How many servlets do I have in my app, and how likely is it that they'll all be used?" And you'll also need to ask, "How long does it take each servlet to load?" Some servlets are rarely used, so you might want to conserve resources by not loading the rarely used servlets in advance. But some servlets take so painfully long to initialize (like the Struts ActionServlet), that you don't want even a single client to experience that much latency. So, only you can decide, and you'll probably decide on a servlet-by-servlet basis, evaluating both the pain level and likelihood of use for each servlet.

Values greater than one do not affect the number of servlet instances!

The value you use in <load-on-startup>4</load-on-startup> does NOT mean "load four instances of the servlet". It means that this servlet should be loaded only AFTER servlets with a <load-on-startup> number less than four are loaded. And what if there's more than one servlet with a <load-on-startup> of 4? The Container loads servlets with the same value in the order in which the servlets are declared in the DD.

Making an XML-compliant JSP: a JSP Document

This topic didn't fit well anywhere else, so we decided to stick it in this chapter since we're talking about XML so much. The exam doesn't require you to be an XML expert, but you do have to know two things: the syntax for the key DD elements, and the basics of making what's known as a JSP Document. ("As opposed to what? If a normal JSP isn't a document, what is it?" That's what you're asking, right? Think of it this way: a normal JSP is a page, unless it's written with the XML alternatives to normal JSP syntax, in which case it becomes a document.)

All it means is that there are really two types of syntax you can use to make a JSP. The text in grey is the same across both types of syntax.

Directives (except taglib)
    Normal JSP page syntax:
    JSP document syntax:      <jsp:directive.page import="ja

Declaration
    Normal JSP page syntax:   <%! int y = 3; %>
    JSP document syntax:      <jsp:declaration> int y = 3; </jsp:declaration>

Scriptlet
    Normal JSP page syntax:
    JSP document syntax:      <jsp:scriptlet> </jsp:scriptlet>

Text
    Normal JSP page syntax:   There is no spoon.
    JSP document syntax:      <jsp:text> There is no spoon. </jsp:text>

Scripting Expression
    Normal JSP page syntax:   <%= it.next() %>
    JSP document syntax:      <jsp:expression> it.next() </jsp:expression>

This is all the exam covers on JSP Documents.

r We gorng 10 say any »*>"> aboutj, bee^TZax'sZdmJnly 
JSP documents is probably not Mmolomg your normal JSP 

by tools, and the table above tust shows you rf wn[e lh/s by hand—the 

syntax into an XML document There IS more>you i w tiich includes some 

Ltc document, tor example. Is usually atag. rather than as a 

So,eM 

Memorizing the EJB-related DD tags

This exam is about web components, not business components (although in the Patterns chapter, you'll see a few things about business components). But if you're deploying a J2EE app, complete with Enterprise JavaBeans (EJBs) in the business tier, some of your web components will probably need to look up and access the enterprise beans. If you're deploying an app in a full J2EE-compliant Container (one that has an EJB Container as well), you can define references to EJBs in the DD. You don't have to know anything about EJBs for this exam, other than what you declare in the DD, so we won't waste your time explaining it here.*

Reference to a local bean

    <ejb-local-ref>
        <ejb-ref-name>ejb/Customer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <local-home>com.wickedlysmart.CustomerHome</local-home>
        <local>com.wickedlysmart.Customer</local>
    </ejb-local-ref>

A LOCAL bean means the client (in this case, a servlet) and the bean must be running in the same JVM.

Reference to a remote bean

    <ejb-ref>
        <ejb-ref-name>ejb/LocalCustomer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <home>com.wickedlysmart.CustomerHome</home>
        <remote>com.wickedlysmart.Customer</remote>
    </ejb-ref>

(Optional sub-elements for both tags include <description> and <ejb-link>, but you don't need to know that for the exam.)

A REMOTE bean means the client (in this case, a servlet) and the bean can be running in different JVMs (possibly on different physical machines as well).

* But if you're interested in EJB, there's this really good book...
The LOCAL and REMOTE tags are inconsistent!

Both the local and remote Men DO lags Have two etemoots 

nw <wbaef S naioe> that lists the logical lookup name 
SEES 00,0 to Sr o^op^ot- 

S EJfc Too don t know wtiat ttiat last sentence 

rr; rrrrw^r z^Z- 

“ g HZ some JVM as the W 

SS^mssk* 

that it’s 


II 


    <ejb-local-ref>

But NO! For remote beans, it's just:

    <ejb-ref>     (there's no "remote" in the tag)

==£-iSS- 

“SHricssssr 

differentiate between local and remote, so no nee 

“remote” in tee ngming inco ns'stency~ 

This also explains the OTHER tag naming inconsistency: the name of the tag for the bean's home interface. A local bean uses

    <local-home>

but a remote bean does NOT use

    <remote-home>

For remote beans, it's just:

    <home>




Memorizing the JNDI <env-entry> DD tag

If you're familiar with EJB and/or JNDI, this will make sense. If you're not, it doesn't really matter for the exam as long as you memorize the tag. (The details surrounding JNDI environment entries are covered in EJB/J2EE books like the lovely Head First EJB.)

Think of an environment entry as being something like a deploy-time constant that your app can use, much like servlet and context init parameters. In other words, a way for the deployer to pass values into the servlet (or in this case, an EJB as well if this is deployed as part of an enterprise application in a fully J2EE-compliant server).

At deploy time, the Container reads the DD and makes a JNDI entry (again, assuming this is a fully J2EE-compliant app, and not just a server with only a web Container), using the name and value you supply in this DD tag. At runtime, a component in the application can look up the value in JNDI, using the name listed in the DD. You probably won't care about <env-entry> unless you're also developing with EJBs, so the only reason you need to memorize this is for the exam.

Declaring an app's JNDI environment entry

    <env-entry>
        <env-entry-name>rates/discountRate</env-entry-name>
        <env-entry-type>java.lang.Integer</env-entry-type>
        <env-entry-value>10</env-entry-value>
    </env-entry>

Memorizing the <mime-mapping> DD tag

You can configure a mapping between an extension and a mime type in the DD. This will probably be the easiest tag to remember, because it just makes sense: you map between an extension and a mime type, and guess what? In a rare moment of simplicity and clarity, they named the tag sub-elements "extension" and "mime-type". That means you have to remember only one thing: that the tag elements are named for exactly what they are!

Unless you start thinking of it as "file-type" and "content-type". But no, you won't do that. You'll memorize it just like this.

Declaring a <mime-mapping>

    <mime-mapping>
        <extension>mpg</extension>          (do NOT include the ".")
        <mime-type>video/mpeg</mime-type>
    </mime-mapping>

Don't include the "." in the extension!

It's just the characters that make up the extension, not the "." that separates the file name from the extension.

It's not <file-type> and <content-type>!

Burn it in: <extension> and <mime-type>.
<extension> and <mime-type>
<extension> and <mime-type>
<extension> and <mime-type>
<extension> and <mime-type>

Sharpen your pencil: Where things go

Fill in this table with explicit notes on where in the web app the given resource must be placed. We did the first one for you. Turn the page for the answers.

Resource type: Deployment Descriptor (web.xml)
Deployment location: Directly inside WEB-INF (which is directly inside the root of the web app)

Resource type: Tag Files (.tag or .tagx)
Deployment location:

Resource type: HTML and JSPs (that you want to be directly accessible)
Deployment location:

Resource type: HTML and JSPs (that you want to "hide" from direct client access)
Deployment location:

Resource type: TLDs (.tld)
Deployment location:

Resource type: Servlet classes
Deployment location:

Resource type: Tag Handler classes
Deployment location:

Resource type: JAR files
Deployment location:

Sharpen your pencil: Memorizing DD tags

If you're NOT planning on taking the exam, don't worry about getting all of these right (although the bottom two elements are important to almost everyone).

If you ARE going to take the exam, you should spend some time memorizing these.

    <____________>
        <____________>ejb/Customer</____________>
        <ejb-ref-type>Entity</ejb-ref-type>
        <____________>com.wickedlysmart.CustomerHome</____________>
        <local>com.wickedlysmart.Customer</local>
    </____________>

    <ejb-ref>
        <____________>ejb/LocalCustomer</____________>
        <ejb-ref-type>Entity</ejb-ref-type>
        <____________>com.wickedlysmart.CustomerHome</____________>
        <____________>com.wickedlysmart.Customer</____________>
    </ejb-ref>

    <env-entry>
        <____________>rates/discountRate</____________>
        <____________>java.lang.Integer</____________>
        <env-entry-value>10</env-entry-value>
    </env-entry>

    <error-page>
        <____________>java.io.IOException</____________>
        <____________>/myerror.jsp</____________>
    </error-page>

    <____________>
        <welcome-file>index.html</welcome-file>
    </____________>

Sharpen your pencil: Where things go (answers)

Fill in this table with explicit notes on where in the web app the resource must be placed. We did the first one for you.

Resource type: Deployment Descriptor (web.xml)
Deployment location: Directly inside WEB-INF (which is directly inside the root of the web app).

Resource type: Tag Files (.tag or .tagx)
Deployment location: If NOT deployed inside a JAR, Tag Files must be inside WEB-INF/tags, or a subdirectory of WEB-INF/tags. If deployed in a JAR, Tag Files must be in META-INF/tags, or a subdirectory of META-INF/tags. Note: Tag Files deployed in a JAR must have a TLD in the JAR.

Resource type: HTML and JSPs (that you want to be directly accessible)
Deployment location: Client-accessible HTML and JSPs can be anywhere under the root of the web app or any of its subdirectories, EXCEPT they cannot be under WEB-INF (including subdirectories). In a WAR file, they can't be under META-INF (including subdirectories).

Resource type: HTML and JSPs (that you want to "hide" from direct client access)
Deployment location: Pages under WEB-INF (or META-INF in a WAR file) cannot be directly accessed by clients.

Resource type: TLDs (.tld)
Deployment location: If NOT inside a JAR, TLD files must be somewhere under WEB-INF or a subdirectory of WEB-INF. If deployed in a JAR, TLD files must be somewhere under META-INF, or a subdirectory of META-INF.

Resource type: Servlet classes
Deployment location: Servlet classes must be in a directory structure matching the package structure, placed directly under WEB-INF/classes (for example, class com.example.Ring would be inside WEB-INF/classes/com/example), or in the appropriate package directories within a JAR inside WEB-INF/lib.

Resource type: Tag Handler classes
Deployment location: Actually, ALL classes used by the web app (unless they're part of the class libraries on the classpath) must follow the same rules as servlet classes: inside WEB-INF/classes, in a directory structure matching the package (or in the appropriate package directories within a JAR inside WEB-INF/lib).

Resource type: JAR files
Deployment location: JAR files must be inside the WEB-INF/lib directory.

Sharpen your pencil: Memorizing DD tags

ANSWERS

If you are going to take the exam, you should spend some time memorizing ALL of these (plus any of the others from this chapter and the security-related tags you'll see in the next chapter).

A reference to a bean that has a "local" interface:

    <ejb-local-ref>
        <ejb-ref-name>ejb/Customer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <local-home>com.wickedlysmart.CustomerHome</local-home>
        <local>com.wickedlysmart.Customer</local>
    </ejb-local-ref>

A reference to a bean that has a "remote" interface:

    <ejb-ref>
        <ejb-ref-name>ejb/LocalCustomer</ejb-ref-name>
        <ejb-ref-type>Entity</ejb-ref-type>
        <home>com.wickedlysmart.CustomerHome</home>
        <remote>com.wickedlysmart.Customer</remote>
    </ejb-ref>

An environment entry is a way to get deploy-time constants into a J2EE application:

    <env-entry>
        <env-entry-name>rates/discountRate</env-entry-name>
        <env-entry-type>java.lang.Integer</env-entry-type>
        <env-entry-value>10</env-entry-value>
    </env-entry>

    <error-page>
        <exception-type>java.io.IOException</exception-type>
        <location>/myerror.jsp</location>
    </error-page>

Tells the Container which page to use when a request comes in that doesn't match a specific resource. There can be more than one <welcome-file> specified in the <welcome-file-list>:

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

1  Where can <init-param> elements appear in the DD?
(Choose all that apply.)

□ A. As child elements of <servlet>
□ B. As direct descendants of <web-application> elements.
□ C. Just after the Document Type Declaration.
□ D. Inside of <context-param> elements when you want to declare a context initialization parameter.


2  Where do you store Tag Library Descriptors (TLDs) in a web application?
(Choose all that apply.)

□ A. Only in /WEB-INF/lib
□ B. Only in /WEB-INF/classes
□ C. In the /META-INF directory of a JAR file inside /WEB-INF/lib
□ D. At the application's top-level directory.
□ E. In /WEB-INF or a sub-directory thereof.


3  Which statements about WAR files are true? (Choose all that apply.)

□ A. WAR stands for Web Application Resources file.
□ B. A valid WAR file must contain a deployment descriptor.
□ C. Several WAR files can compose a web application.
□ D. A WAR file cannot contain embedded JAR files.

4  The following servlet is declared in the DD:

    <servlet>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>com.myorg.ServletClass</servlet-class>
    </servlet>

Where can you store the servlet class in the web application? (Choose all that apply.)

□ A. In /META-INF of a JAR file.
□ B. In the package-related directory tree beginning at the top level of the application directory.
□ C. In /WEB-INF/classes or in a JAR file in /WEB-INF/lib
□ D. In /WEB-INF/lib outside of a JAR file.


5  What is the purpose of the deployment descriptor (DD)? (Choose all that apply.)

□ A. To allow code-generation tools to dynamically create servlets from an XML file.
□ B. To convey the web-application configuration information from developers to application assemblers and deployers.
□ C. To configure vendor-specific aspects of the application.
□ D. To configure only database and Enterprise JavaBean access from the web application.


6  Where should web.xml be stored in a WAR file? (Choose all that apply.)

□ A. In /WEB-INF/classes
□ B. In /WEB-INF/lib
□ C. In /WEB-INF.
□ D. In /META-INF.
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mock warn 


Given: 

10. <%@ page import="java.util.*" %> 

11. <jsp:import imports"java.util.*" /> 

12. <jsp:directive.page imports"java.util./> 

13. <jsp:page imports"java.util.*" /> 

Assume tin* prefix “jsp" h.is been mapped l<> the namespace 

http://java.sun.com/JSP/Page 

Which are true? (Chome all that apply.) 

LJ A. lanes 10 and 12 are equivalent in any type of JSI’page. 

Q B. lane 10 is not valid in a JSP document iXME-bnsed document i. 

LI C. Line 11 will properly import the java.util package. 

D D. Line 12 will properly import the java.util package. 

—) E. Line LI will properly import the java.util package. 


Which statements about <init-param> 1)1) elements are true? 

(Choose all that apply.) 

CD A. 1 hey are used to declare initialization parameters for a 
specific servlet. 

□ B. They are used to declare initialization parameters for an 
entire web app. 

(CD C. The method that retrieves these parameters has a signature 
that returns an Object 

Q 1). rhe method that retrieves these parameters taker, u Siring. 


Which are DD elements that provide JNDI access to J2EE components? 
(Choose all that apply.) 

□ A. <ejb-ref> 

□ B. <entity-ref> 

□ C. <ejb-local-ref> 

□ D. <session-ref> 

□ E. <ejb-remote-ref> 
The following servlet is registered in the DD: 

<servlet> 
  <servlet-name>action</servlet-name> 
  <servlet-class>com.myorg.ActionClass</servlet-class> 
</servlet> 

Choose the correct mappings for this servlet. (Choose all that apply.) 

□ A. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

□ B. <servlet-mapping> 
       <servlet-name>com.myorg.ActionClass</servlet-name> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

□ C. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
       <url-pattern>/controller</url-pattern> 
     </servlet-mapping> 

□ D. <servlet-mapping> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

□ E. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
     </servlet-mapping> 


11 

For which type of web app components can dependencies be defined? (Choose 
all that apply.) 

□ A. JSP files 

□ B. WAR files 

□ C. classes 

□ D. libraries 

□ E. manifest files 
12 

Which are valid declarations in a JSP Document (XML-based document)? 
(Choose all that apply.) 

□ A. <jsp:declaration 
       xmlns:jsp="http://java.sun.com/JSP/Page"> 
       int x = 0; 
     </jsp:declaration> 

□ B. <jsp:declaration 
       xmlns:jsp="http://java.sun.com/JSP/Page"> 
       int x; 
     </jsp:declaration> 

□ C. <%! int x = 0; %> 

□ D. <%! int x; %> 


13 


Which 2.4 deployment descriptor elements may appear before the <web-app> 
element? (Choose all that apply.) 

□ A. <listener> 

□ B. <context-param> 

□ C. <servlet> 

□ D. No XML elements may appear before the <web-app> element. 


14 

Which statements concerning the container class loader are true? 
(Choose all that apply.) 

□ A. Web applications should NOT attempt to override container 
implementation classes. 

□ B. A web application must not attempt to load resources from 
within the WAR file using the J2SE semantics of getResource. 

□ C. A web application may override any J2EE classes in the javax.* 
namespace. 

□ D. A web developer may override J2EE platform classes provided 
they are contained in a library JAR within a WAR. 
Chapter 11 Answers 


1 


Where can <init-param> elements appear in the DD? 
(Choose all that apply.) 

(Servlet spec) 

☑ A. As child elements of <servlet> 

□ B. As direct descendants of <web-application> elements 

□ C. Just after the Document Type Declaration. 

□ D. Inside of <context-param> elements when you want to 
declare a context initialization parameter. 

- Option B is incorrect because web.xml does not contain an 
element named <web-application>. 

- Option D is incorrect because <context-param> elements do 
not contain <init-param>. 

2 


Where do you store Tag Library Descriptors (TLDs) in a web application? 
(Choose all that apply.) 

(JSP spec) 

□ A. Only in /WEB-INF/lib 

□ B. Only in /WEB-INF/classes 

☑ C. In the /META-INF directory of a JAR file inside 
/WEB-INF/lib 

□ D. At the application's top-level directory. 

☑ E. In /WEB-INF or a sub-directory thereof. 

- The Container will not automatically […] /WEB-INF/classes or /WEB-INF/lib 


3 


Which statements about WAR files are true? (Choose all that apply.) 

(Servlet spec) 

□ A. WAR stands for Web Application Resources file. 

☑ B. A valid WAR file must contain a deployment descriptor. 

□ C. Several WAR files can compose a web application. 

□ D. A WAR file cannot contain embedded JAR files. 

- WAR stands for Web ARchive, and portions of a web application 
cannot be contained in a WAR file; only an entire application can 
reside within a WAR file. 


4 


The following servlet is declared in the DD: 

<servlet> 
  <servlet-name>MyServlet</servlet-name> 
  <servlet-class>com.myorg.ServletClass</servlet-class> 
</servlet> 

(Servlet spec p 10) 

Where can you store the servlet class in the web application? (Choose all that 
apply.) 

□ A. In /META-INF of a JAR file. 

□ B. In the package-related directory tree beginning at the top level of the 
application directory. 

☑ C. In /WEB-INF/classes or in a JAR file in /WEB-INF/lib 

□ D. In /WEB-INF/lib outside of a JAR file. 

- Option D is not correct because /WEB-INF/lib is designed as the 
container for JAR files. 


5 


What is the purpose of the deployment descriptor (DD)? (Choose all that 
apply.) 

(Servlet spec p 103) 

□ A. To allow code-generation tools to dynamically create servlets from an 
XML file. 

☑ B. To convey the web-application configuration information from 
developers to application assemblers and deployers. 

□ C. To configure vendor-specific aspects of the application. 

□ D. To configure only database and Enterprise JavaBean access from the 
web application. 

- Option D is inaccurate because these concerns are just a subset of the 
DD's purpose. 


Where should web.xml be stored in a WAR file? (Choose all that apply.) 

(Servlet spec p 10) 

□ A. In /WEB-INF/classes 

□ B. In /WEB-INF/lib 

☑ C. In /WEB-INF 

□ D. In /META-INF. 

- web.xml should be stored in /WEB-INF regardless of whether the deployment 
involves a WAR or an exploded directory structure. 
Given: 

(JSP v2.0) 

10. <%@ page import="java.util.*" %> 

11. <jsp:import import="java.util.*" /> 

12. <jsp:directive.page import="java.util.*" /> 

13. <jsp:page import="java.util.*" /> 

Assume the prefix "jsp" has been mapped to the namespace 

http://java.sun.com/JSP/Page 

Which are true? (Choose all that apply.) 

□ A. Lines 10 and 12 are equivalent in any type of JSP page. 

☑ B. Line 10 is not valid in a JSP document (XML-based document). 

□ C. Line 11 will properly import the java.util package. 

☑ D. Line 12 will properly import the java.util package. 

□ E. Line 13 will properly import the java.util package. 

- Option A is incorrect because line 10 would be invalid in a JSP Document 
(XML-based document). 

- Options C and E are invalid as they are not valid elements in the 
http://java.sun.com/JSP/Page namespace. 


Which statements about <init-param> DD elements are true? 
(Choose all that apply.) 

(Servlet API) 

☑ A. They are used to declare initialization parameters for a 
specific servlet. 

□ B. They are used to declare initialization parameters for an 
entire web app. 

□ C. The method that retrieves these parameters has a signature 
that returns an Object. 

☑ D. The method that retrieves these parameters takes a String. 

- Initialization parameters may have web app scope or servlet 
scope. Those with servlet scope are named <init-param> in the DD, 
and take and return a String. Those with web app scope are named 
<context-param> in the DD and also take and return a String. 


Which are DD elements that provide JNDI access to J2EE components? 
(Choose all that apply.) 

(Servlet spec 11) 

☑ A. <ejb-ref> 

□ B. <entity-ref> 

☑ C. <ejb-local-ref> 

□ D. <session-ref> 

□ E. <ejb-remote-ref> 

- In addition, <ejb-local-ref> also provides the web app creator with a 
JNDI reference to J2EE components. 


10 


The following servlet is registered in the DD: 

<servlet> 
  <servlet-name>action</servlet-name> 
  <servlet-class>com.myorg.ActionClass</servlet-class> 
</servlet> 

Choose the correct mappings for this servlet. (Choose all that apply.) 

☑ A. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

□ B. <servlet-mapping> 
       <servlet-name>com.myorg.ActionClass</servlet-name> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

☑ C. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
       <url-pattern>/controller</url-pattern> 
     </servlet-mapping> 

□ D. <servlet-mapping> 
       <url-pattern>*.do</url-pattern> 
     </servlet-mapping> 

□ E. <servlet-mapping> 
       <servlet-name>action</servlet-name> 
     </servlet-mapping> 

- Option B is incorrect because it uses the servlet's class name. 

- Option D is incorrect because it omits the <servlet-name> 
element of <servlet-mapping>. 


11 


For which type of web app components can dependencies be defined? (Choose 
all that apply.) 

(Servlet spec) 

□ A. JSP files 

□ B. WAR files 

□ C. classes 

☑ D. libraries 

□ E. manifest files 

- Library dependencies can be defined in 
the /META-INF/MANIFEST.MF file. 
Which are valid declarations in a JSP Document (XML-based document)? 
(Choose all that apply.) 

(JSP v2.0) 

☑ A. <jsp:declaration 
       xmlns:jsp="http://java.sun.com/JSP/Page"> 
       int x = 0; 
     </jsp:declaration> 

☑ B. <jsp:declaration 
       xmlns:jsp="http://java.sun.com/JSP/Page"> 
       int x; 
     </jsp:declaration> 

□ C. <%! int x = 0; %> 

□ D. <%! int x; %> 

- Options C and D are incorrect because only the <jsp:declaration> 
syntax is valid in Documents. 


Which 2.4 deployment descriptor elements may appear before the <web-app> 
element? (Choose all that apply.) 

(Servlet spec) 

□ A. <listener> 

□ B. <context-param> 

□ C. <servlet> 

☑ D. No XML elements may appear before the <web-app> element. 

- The <web-app> element is the root element of 
the web application deployment descriptor. 

Which statements concerning the container class loader are true? 
(Choose all that apply.) 

(Servlet spec) 

☑ A. Web applications should NOT attempt to override container 
implementation classes. 

□ B. A web application must not attempt to load resources from 
within the WAR file using the J2SE semantics of getResource. 

□ C. A web application may override any J2EE classes in the javax.* 
namespace. 

□ D. A web developer may override J2EE platform classes provided 
they are contained in a library JAR within a WAR. 

- Option B is incorrect because the webapp may use the getResource 
method from the webapp's class loader to access any WAR file 

- Options C & D are incorrect because the webapp must NOT 
override any class in the java.* or javax.* namespaces. 
12 web app Security 


Keep it secret, keep it safe 


Your web app is in danger. Trouble lurks in every corner of the 
network, as crackers, scammers, and criminals try to break into your system 
to steal, take advantage, or just have a little fun with your site. You don't want 
the Bad Guys listening in to your online store transactions, picking off credit 
card numbers. You don't want the Bad Guys convincing your server that 
they're actually the Special Customers Who Get Big Discounts. And you don't 
want anyone (good OR bad) looking at sensitive employee data. Does Jim in 
marketing really need to know that Lisa in engineering makes three times as 
much as he does? And do you really want Jim to take matters into his own hands 
and login (unauthorized) to the UpdatePayroll servlet? 
official Sun exam objectives 


OBJECTIVES 

Web Application Security 

5.1 Based on the servlet specification, compare 
and contrast the following security issues: 
(a) authentication, (b) authorization, (c) data 
integrity, and (d) confidentiality. 

5.2 In the deployment descriptor, declare the 
following: a security constraint, a Web resource, 
the transport guarantee, the login configuration, 
and a security role. 

5.3 Given an authentication type (BASIC, DIGEST, 
FORM, and CLIENT-CERT), describe its 
mechanism. 

Coverage Notes: 

All of the objectives in this section are covered 
completely in this chapter, including security- 
related DD elements that were NOT covered in 
the deployment chapter. 

We can't make you a complete security being, 
but the content in this chapter is a start, and 
it's everything you need for the exam. 
The Bad Guys are everywhere 

As a web application developer you need to protect your web site. 
There are three main kinds of bad guys you need to watch out for: 
Impersonators, Upgraders, and Eavesdroppers. 

Naughty Upgrader: "I'm in too! I'm already 
a regular member, but now 
I figured out how to sneak in 
to the Premium Members 
area, and now I can do 
ANYTHING." 

<html> 
... 
Enter Credit Card # 
<input type=text name="ccNum"> 
... 
</html> 
And it's not just the SERVER that gets hurt... 

Eavesdroppers can be the worst. Not only are they trying to scam 
your web app, but they can burn some of your good clients too. A double 
hit. If an eavesdropper is successful, he'll swipe your client's credit card 
information and charge up a storm. 

[Figure: an Innocent User and an Evil Eavesdropper] 
The Big 4 in servlet security 


Servlet security helps you (the web app developer) 
foil Impersonators, Upgraders, and Eavesdroppers. 
As far as the servlet specification is concerned (and 
hence, the exam), servlet security boils down to four 
main concepts: authentication, authorization, 
confidentiality, and data integrity. 

Authentication (to foil Impersonators) 
"OK buddy, I got your request, but how do I know you 
are who you say you are?" 

Authorization (to foil Upgraders) 
"Look Delbert, before I can send you this special 
Premium web page I have to make sure you're allowed 
to see it..." 

Confidentiality and Data Integrity (to foil Eavesdroppers) 
"Shhh... OK, we've got to make sure that no one can look at 
or mess with what I'm about to send out..." 
A little security story 

One day Bob's boss called Bob into his office. "I've 
got an exciting new project for you!" his boss 
said. Bob groaned. "I know I've handed you 
some bad jobs in the past, but this one should 
be really fun... I'd like you to design the security 
for our company's new eCommerce web site." 
"Security," Bob said, "is hard and boring." "No, 
you're wrong..." the boss said. "In J2EE 1.4, servlet 
security is supposed to be pretty cool." 

The boss continued, "Let me give you the elevator 
pitch to get you going, then we'll go into details 
once you've had a chance to think this through." 
"Ok," Bob sighed. "Lay it on me." 

"As you know, this beer website is really hot right 
now. We've added several new features, and we're 
getting a great response. Some of our users are 
happy with just the free recipes we offer, but a lot 
more people than we thought are willing to pay 
for our rare hops and other premium ingredients. 

Oh, and our Frequent Brewer program is a huge 
hit. If a user decides he'll be a repeat ingredient 
buyer, he can pay a one time fee and upgrade to 
Brew Master status. A Brew Master gets special 
discounts, and earns Frequent Brewer points which he 
can redeem for cool brew rewards." 

Bob continued to listen, mentally calculating the 
code he'll have to write to implement all this, and 
kissing that tropical vacation goodbye. Meanwhile, 
the boss continued... 

"But now we have to make sure that when one of 
our users makes a purchase, no one can swipe his 
credit card information. Oh, another thing, we'd 
better make sure that when a member logs in, it's not 
actually one of his friends trying to sneak in. I think 
we need to require that members have passwords 
from now on." 

"It's all making sense so far," said Bob. "When users 
place an order with us, do we want to give them 
some sort of confirmation code?" "Great idea," 
said the boss. "Oh, and one more thing I forgot... 
you better make sure that only our Frequent 
Brewers get the special discounts." 

"I think this is enough," said the boss. "But you 
know... the way things are going, it probably won't 
be too long before we offer some sort of platinum 
membership level..." 


FLEX YOUR MIND 

Which security concepts are 
mentioned in the story? 

Reread the story and annotate the places where 
the boss's requirements call for: 

• authentication 
• authorization 
• confidentiality 
• data integrity 

(Yeah, yeah, we know this is obvious but we're just 
warming up the topic before it gets down and dirty.) 
How to Authenticate in HTTP World: 
the beginning of a secure transaction 

Let's start with a look at the communications that occur 
between a browser and a web container when the client asks 
for a secure resource on the web site. It's BASIC, really. 


The HTTP perspective... 

1 The browser makes a request for a 
web resource, "update.jsp". 

2 The server determines that "update.jsp" 
is a constrained resource. 

3 The container sends back an HTTP 
401 ("Unauthorized"), with a 
www-authenticate header and realm 
information. 

4 The browser gets the 401 and, based 
on the realm info, asks the user for his 
username and password. 

5 The browser asks for "update.jsp" 
again (stateless, remember), but this time 
the request includes a security HTTP 
header, and a username and password. 

6 The Container verifies that the 
username and password match, and if 
they do, performs authorization. 

7 If all the security stuff is good, the 
Container returns the HTML; if not, it 
returns another HTTP 401... 

The HTTP header used for authentication (client to web server): 

GET /update.jsp 
Authorization: Basic x5w3..= 
A slightly closer look at how the Container 
does Authentication and Authorization 

On the last page we skimmed over what the Container was doing. 
Throughout this chapter we'll hit different levels of detail, and here 
we zoom in just a little... 


The Container perspective... 

1 Having received the request, 
the container finds the URL in the 
"security table" (stored in whatever 
the Container is using to keep 
security info). 

2 If the Container finds the URL 
in the security table, it checks 
to see whether the requested 
resource is constrained. If it is, it 
returns 401... 


1 When the Container receives 
a request with a username and 
password, it checks the URL in the 
security table. 

2 If it finds the URL in the security 
table (and sees that it's constrained) 
it checks the username and 
password information to make sure 
they match. 

3 If the username and password 
are OK, the Container checks to see 
if the user has been assigned the 
correct role to access this resource 
(i.e. authorization). If so, the 
resource is returned to the client. 
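
The seven HTTP steps and the Container's security-table lookup above, as a small simulation (an added example, not code from the book or from any real Container). The realm name, the contents of the security table and the role set on update.jsp are assumptions; the three users are the ones in this chapter's tomcat-users.xml; the 403 for an authenticated user in the wrong role follows the servlet specification and is not stated on this page.

```python
import base64
import binascii
import hmac

REALM = "BeerRealm"  # assumed realm name (constructed for this example)

# Stand-in for the vendor-specific realm: user -> (password, roles).
USERS = {
    "Annie": ("admin", {"Admin", "Member", "Guest"}),
    "Diane": ("coder", {"Member", "Guest"}),
    "Ted": ("newbie", {"Guest"}),
}

# Stand-in for the "security table": constrained URL -> roles allowed in.
SECURITY_TABLE = {"/update.jsp": {"Admin", "Member"}}


def basic_header(user, password):
    """Build the Authorization header value a browser sends in step 5."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic(value):
    """Decode 'Basic <base64>' into (user, password); None if malformed.

    Base64 is an encoding, not encryption: anyone who can see the header
    can run this same function on it.
    """
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; a password may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(user, password):
    """Return the user's roles if the password matches, else None."""
    stored, roles = USERS.get(user, ("", set()))
    # Constant-time comparison; unknown users go through the same code path.
    match = hmac.compare_digest(password.encode("utf-8"), stored.encode("utf-8"))
    return roles if (match and user in USERS) else None


def handle(path, headers):
    """Return (status, response_headers) for one stateless request."""
    allowed = SECURITY_TABLE.get(path)
    if allowed is None:
        return 200, {}                      # not in the table: unconstrained
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge               # step 3: ask the browser to log in
    roles = authenticate(*creds)
    if roles is None:
        return 401, challenge               # step 7: wrong username/password
    if not roles & allowed:
        return 403, {}                      # authenticated, but wrong role
    return 200, {}                          # authorized: return the resource
```

Because `parse_basic` recovers the password from a captured header with no key at all, BASIC authentication by itself does nothing against the Eavesdropper; that is the job of confidentiality.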
How did the Container do that? 

You just got an overview of how the Container handles 
authentication and authorization. But what was going 
on inside the Container that made all that happen? Let's 
speculate a little on what was going on behind the scenes, 
deep down in the heart of the Container... 

Things the Container did: 

1 Performed a lookup on the resource 
being requested 

We already know that the Container is really 
good at finding resources. But now, once it finds 
the resource, it has to determine whether it's 
a resource that anyone can view, or whether the 
resource has security constraints. Does the servlet 
itself have some sort of security flag? Is there a 
table somewhere? 

2 Performed some authentication 

Once the Container determines that it's dealing 
with a secured resource, it has to authenticate 
the client. In other words, to find out if "Bob" 
really is Bob. The most common way is to see if 
Bob knows his own password. 

3 Performed some authorization 

Once the Container determines that it is the real 
Bob asking for this resource, the Container has 
to see whether Bob is allowed access to that 
resource. Let's see, if we have 2,000,000 users, 
and 100 servlets in our webapp, we could throw 
together a little table with 200,000,000 cells... 

Whoa! This could get out of hand in a hurry if 
we're not careful. 

Server: "I put a LOT of cycles into security! 
Anything you can do to make 
security efficient will be a 
big help for performance." 


FLEX YOUR MIND 

Which bits of security logic 
and information should be 
hardcoded in the servlet? 

names and passwords? 
users' roles? 
access rules for each servlet? 
Keep security out of the code! 

For most web apps, most of the time, the web app's security 
constraints should be handled declaratively, in the deployment 
descriptor. Why? 


Top Ten Reasons to do 
your security declaratively 

® Who doesn't need more XML practice? 

© ar=K;~a» 

® Looks great on your resume. 

I ® w°ten m more nex“tetays° U Ve 

© It's on the exam. 

© Allows application developers to reuse 
servlets without access to the source code. 

© It's just cool. 

• apTSngCf, when your 
® Co n n a Sner WaV,0iUS ' i,ylhe “ s 'of 1 ha t 

© &Zem ' dea0, ~ e n,.based 


Who implements security in a web app? 


Kim the servlet provider: 

"My job is easy. Most of 
the time, I don't even have to 
think about security when I'm writing 
a servlet. And that's good, because 
my philosophy is 'Security is 
hard... don't do it.'" 


Annie the application administrator: 

"My job is more involved. I decide 
which roles make sense in the 
application. For Kim's beer application 
Guest, Member, and Admin are key roles. 
Then I add these roles to the users in our 
Container's users file. Since we use Tomcat, 
our file is called tomcat-users.xml." 


"My job is huge! Once I have a list of Annie's 
roles, and a description of what Kim's servlets 
do, I can decide which roles should have access to 
which servlets. The deployment descriptor provides 
me with an easy, if somewhat verbose, way to tell 
the Container who has access to which servlets. And 
let me tell you, they don't pay me enough." 
Dumb Questions 


Q: I'm confused—if I'm creating servlets, 
shouldn't I be thinking about security considerations? 

A: Yes, you should; Kim the servlet provider was 
being a little sarcastic. A key point when designing 
servlets is their modularity. For instance, it makes 
sense to separate browsing capabilities from updating 
capabilities. If these two use cases are implemented in 
separate servlets then it will be easy for the deployer to 
assign different security constraints to them. 

Q: I don't know where YOU work, but in my 
situation I have to wear all three hats: developer, 
admin, and deployer. 

A: That's actually a very common situation. We still 
recommend that when you're implementing security 
you do it in stages and "imagine" that you're wearing one 
hat at a time. 

Q: How does programmatic security fit into the 
picture? 

A: We'll get to programmatic security later in the 
chapter. For now, what's important to know is that you'll 
probably find that 95% of the security work you'll do in 
servlets will be declarative. Programmatic security just 
isn't used very much. (See "Top Ten Reasons...") 

Q: So far everything you've talked about is related 
to authentication and authorization, how about the 
other two in "The Big Four"? 

A: We'll talk about confidentiality and data integrity 
later in this chapter. The servlet specification makes 
implementing these concepts very easy, so we're 
focusing on authentication and authorization because 
they're the most complicated to understand and 
implement, and, hint hint, more likely to show up on the 
exam. 

Q: It seems like when people talk about servlet 
security the term "role" is overloaded... 

A: Good point! When Sun designs J2EE specs 
(EJBs, servlets, JSPs), they often think in terms of the 
kinds of people who might create and administer these 
components. In other words, IT-related job roles. When 
developers tackle security for web apps, they think about 
the types of users that might exist. For instance a "guest" 
might have very few privileges within a web app, and a 
"member" might have more privileges. These "user roles" 
are defined, mapped, and fretted over in the Deployment 
Descriptor. 

Q: I've heard about something called "cross-site" 
hacking. What is that? 

A: Cross site hacking can happen when a website 
displays free form text entered by other users (for 
instance, a user book review). If a malicious user keys 
some HTML with, say, Javascript into a text area, and 
the server doesn't catch it, then unsuspecting browsers 
will render the potentially dangerous hidden code along 
with the good HTML when the page is served. In other 
words, the server sends to users something another user 
typed in, without checking or processing it for malicious 
scripting code. 

Q: So we've got to deal with "The Big Four." How 
[…] these babies up and maintain them, I 
mean is this going to be painful? 

A: Yes, we're afraid it might hurt a little. Actually, 
some aspects of security are really low overhead, while 
others DO require a fair amount of work. But none of it is 
very complicated, just potentially tedious. 
The Big Jobs in servlet security 

The table below will give you a feel for the key items in servlet 
security. Authorization is the most time-consuming to implement 
and Authentication is next. From the servlet perspective, 
Confidentiality and Data Integrity are pretty easy to set up.* 


Security          Who's               Complexity   Effort   Exam 
concept           responsible?        level        level    importance 

Authentication    Admin               medium       high     medium 
Authorization     Deployer (mostly)   high         high     high 
Confidentiality   Deployer            low          low      low 
Data Integrity    Deployer            low          low      low 


We're going to emphasize Authorization in this 
chapter because it's the most important and 
complex of the vendor-neutral security concepts. 


*Actually, getting the SSL certification is not trivial, so by "easy" 
we mean "you don't really do anything in your servlet code." 
Just enough Authentication to discuss Authorization 

Later in the chapter we'll go deeper into authentication, but for now we'll look at getting just 
enough authentication data into the system so that we can focus on authorization. A user can't be 
authorized until he's been authenticated. 

The servlet specification doesn't talk about how a Container should implement support for 
authentication data, including usernames and passwords. But the general idea is that the 
Container will supply a vendor-specific table containing usernames and their associated 
passwords and roles. But virtually all vendors go beyond that and provide a way to hook into 
your company-specific authentication data, often stored in a relational database or LDAP system 
(which is beyond the scope of this book). Typically, this data is maintained by the administrator. 


The security "realm" 

Unfortunately, realm is yet another overloaded term in the security world. As far as the servlet 
spec is concerned, a realm is a place where authentication information is stored. When you're 
testing your application in Tomcat, you can use a file called "tomcat-users.xml" located in 
Tomcat's conf/ directory (NOT within webapps). That one "tomcat-users.xml" file applies to ALL 
applications deployed under web-apps. It's commonly known as the memory realm because Tomcat 
reads this file into memory at startup time. While it's great for testing, it's not recommended for 
production. For one thing, you can't modify its contents without restarting Tomcat. 


The tomcat-users.xml file 

<tomcat-users> 
  <role rolename="Guest"/> 
  <role rolename="Member"/> 
  <user username="Bill" password="coder" ... /> 
</tomcat-users> 


Enabling authentication 

To get authentication working (in other words, to get the Container to ask for a username 
and password), you need to stick something in the DD. Don't worry about what this means 
for now, but if you want to start playing around with authentication, use this: 

<login-config> 
  <auth-method>BASIC</auth-method> 
</login-config> 
Authorization Step 1: defining roles 

The most common form of authorization in servlets is for the container 
to determine whether a specific servlet and the invoking HTTP request 
method can be called by a user who has been assigned a certain 
security "role". So the first step is to map the roles in the vendor-specific 
"users" file to roles established in the Deployment Descriptor. 


VENDOR-SPECIFIC: 

The <role> element in tomcat-users.xml 

<tomcat-users> 
  <role rolename="Admin"/> 
  <role rolename="Member"/> 
  <role rolename="Guest"/> 
  <user username="Annie" password="admin" roles="Admin, Member, Guest" /> 
  <user username="Diane" password="coder" roles="Member, Guest" /> 
  <user username="Ted" password="newbie" roles="Guest" /> 
</tomcat-users> 

- This is the vendor-specific users and roles data structure. 
- Annie is an "Admin", a "Member" and a "Guest". 
- Diane is both a "Member" and a "Guest". 
- Ted is a "Guest". 

When it's time for authorization, the 
Container will map its vendor-specific "role" 
information to whatever <role-name>s it 
finds in your DD's <security-role> elements. 


SERVLET-SPECIFICATION: 

The DD <security-role> element in web.xml 

<security-role><role-name>Admin</role-name></security-role> 
<security-role><role-name>Member</role-name></security-role> 
<security-role><role-name>Guest</role-name></security-role> 

<login-config> 
  <auth-method>BASIC</auth-method> 
</login-config> 

Don't forget that you always need the 
<login-config> element if you want to 
enable authentication. 

The deployer creates <role-name> 
elements in the DD, so that the 
Container can map roles to users. 

Authorization Step 2: defining
resource/method constraints

Finally, the cool part. This is where we get to specify, declaratively, that a
given resource/method combination is accessible only by users in certain
roles. Most of the security work you'll do is probably with
<security-constraint> elements in your DD. (Lots of picky rules later.)


<security-constraint> element in the DD:

<web-app...>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateRecipes</web-resource-name>
      <url-pattern>/Beer/AddRecipe/*</url-pattern>
      <url-pattern>/Beer/ReviewRecipe/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Member</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>

The <http-method> element(s) describe which HTTP methods are
constrained (restricted) for the resources defined by the URL.

The optional <auth-constraint> element: which roles CAN invoke the
constrained HTTP Methods. In other words, it says WHO is allowed to do a GET
and POST on the specified URL pattern.


Member, Admin:
Both of us are allowed
to do a GET and POST on the
resources in the /Beer/AddRecipe
directory and the /Beer/
ReviewRecipe directory.

Guest:
Bummer. My role (guest) is not
listed under <auth-constraint>, so I
cannot do a GET or POST on anything in
those directories. But I CAN do a
TRACE, HEAD, PUT.


Because they're in the "Member"
role, Diane and Annie can do
GET and POST on resources
that fit the <url-pattern>
elements. Ted is only a "Guest",
so he can't do a GET or POST.

The <security-constraint> rules for
<web-resource-collection> elements

Remember: the purpose of the <web-resource-collection>
sub-element is to tell the container which resources and
HTTP Method combinations should be constrained in such
a way that they can be accessed only by the roles in the
corresponding <auth-constraint> tag. We wish we could
tell you to relax here, but you really do need to know the
details of these elements. If you make one little mistake
in the security part of your DD, you could leave the most
sensitive parts of your app open to... anyone.


The <web-resource-collection> sub-element of
<security-constraint>

<web-app...>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateRecipes</web-resource-name>
      <url-pattern>/Beer/AddRecipe/*</url-pattern>
      <url-pattern>/Beer/ReviewRecipe/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
    </auth-constraint>
  </security-constraint>
</web-app>

These are the directories with constraints.

This says that the GET method can be accessed ONLY
by roles defined in the <auth-constraint>.

But the OTHER methods can be accessed by anyone.


Key points about <web-resource-collection>

► The <web-resource-collection> element
has two primary sub-elements:
<url-pattern> (one or more)

<http-method> (optional, zero or more)

► The URL patterns and HTTP Methods 
together define resource requests that 
are constrained to be accessible by only 
those roles defined in <auth-constraint>. 

► A <web-resource-name> element is 
MANDATORY (even though you probably 
won't use it for anything yourself) 

(Assume it's for IDE or future use) 

► A <description> element is OPTIONAL 

► The <url-pattern> element uses servlet
standard naming and mapping rules (refer 
back to the deployment chapter for details 
on URL patterns) 

► You must specify at least one 
<url-pattern> but you can have many 

► Valid Methods for the <http-method>
element are GET, POST, PUT, TRACE,
DELETE, HEAD, and OPTIONS.

► If no HTTP Methods are specified then
ALL Methods will be constrained (which
means they can be accessed only by the
roles in <auth-constraint>).

► If you DO specify an <http-method>,
then only those methods specified will
be constrained. In other words, once you
specify even a single <http-method>, you
automatically enable any HTTP Methods
which you have not specified.

► You can have more than one
<web-resource-collection> element in the
same <security-constraint>.

► The <auth-constraint> element applies to
ALL <web-resource-collection> elements
in the <security-constraint>.
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SSS£«s*- 

»* w*** "> m "‘ “ 

cotW*" of resole ♦ wsowx «u 

<http-method> elements 

—- a^rr^r^, «,« **~-"*- 


TO6 , ^S^rNO ?^’TJ W^I'.^HTTP 

mafc/7 w,e <ur1-patter n > ) H you put, n ONLY an^htt"^ n°' *** resourCGS ,hat 
>nthe secunty constraint, then POS r TMCE PUT^r ^ >GET ^ Nf>melh ^> 

you do mr ^ N aZ'<Zp ele ^t " 

<yout probably never do that, because,he wMeZ^of m,n,n9ALL HTTP Methods 
constrain specific HTTP requests on a padicTjZ 

Of coarae. AY7TP Afc*«fe ^w.,_ . 

I OOXXX 0 method, so if you have only ' a dlZZn T** ^ °~"***" "» 
<bttp-method> element (or onlv GFT „,!, 7 yDur ser>,lel - ar >d you specifv an 

'» * « POSTen^Z *SX 

~r us "' 9 “• «*—>«<•*». 

<auth-constraint> rules


Picky <security-constraint> rules for
<auth-constraint> sub-elements

Even though it's got constraint in its name, this is the sub-element that
specifies which roles are ALLOWED to access the web resources specified
by the <web-resource-collection> sub-element(s).


The <auth-constraint> sub-element of <security-constraint>

<web-app...>
  <security-constraint>
    <web-resource-collection>

    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Member</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>


<role-name> rules

► Within an <auth-constraint> element, the
<role-name> element is OPTIONAL.

► If <role-name> elements exist, they tell
the Container which roles are ALLOWED.

► If an <auth-constraint> element exists
with NO <role-name> element, then
NO USERS ARE ALLOWED.

► If <role-name>*</role-name> then ALL
users are ALLOWED.

► Role names are case-sensitive.


<auth-constraint> rules

► Within a <security-constraint> element,
the <auth-constraint> element is
OPTIONAL.

► If an <auth-constraint> exists, the
Container MUST perform authentication
for the associated URLs.

► If an <auth-constraint> does NOT
exist, the Container MUST allow
unauthenticated access for these URLs.

► For readability, you can add a
<description> inside <auth-constraint>.

The way <auth-constraint> works

Contents of <auth-constraint>, and which roles have access:

<security-constraint>
  <auth-constraint>
    <role-name>Admin</role-name>
    <role-name>Member</role-name>
  </auth-constraint>
</security-constraint>
Which roles have access: Admin, Member

<security-constraint>
  <auth-constraint>
    <role-name>Guest</role-name>
  </auth-constraint>
</security-constraint>
Which roles have access: Guest

<security-constraint>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
Which roles have access: Everybody

If there is NO <auth-constraint>
Which roles have access: Everybody

<security-constraint>
  <auth-constraint/>
</security-constraint>
Which roles have access: Nobody


NO <auth-constraint> is the opposite of an EMPTY <auth-constraint/>.

Remember this: if you don't put in an <auth-constraint>, everybody is
allowed access. If you DO put in an <auth-constraint>, then ONLY the
roles it lists have access.

How multiple <security-constraint> elements interact

Just when you thought you had <security-constraint> figured out, you realize that multiple
<security-constraint> elements might conflict. Look at the DD fragments below, and
imagine the different combinations of <auth-constraint> configurations that might be used.
What happens, for example, if one <security-constraint> denies access while another
<security-constraint> explicitly grants access... to the same constrained resource, for the same role?
Which <security-constraint> wins? The table on the opposite page has all the answers.


Multiple <security-constraint> elements with the same (or
partly-matching) URL patterns and <http-method> elements:

<web-app ...>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Recipes</web-resource-name>
      <url-pattern>/Beer/DisplayRecipes/*</url-pattern>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>

    (A)

  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Update</web-resource-name>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <url-pattern>/Beer/UpdateUsers/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>

    (B)

  </security-constraint>
</web-app>

Both of these <security-constraint>
elements specify resources defined as
'/Beer/UpdateRecipes/'.

(A) and (B): <auth-constraint> elements with
different role names.


How should the container handle
authorization when the same resource is used
by more than one <security-constraint>?

Dueling <auth-constraint> elements

If two or more <security-constraint> elements have partially or fully overlapping
<web-resource-collection> elements, here's how the container resolves access to
the overlapping resources. A and B refer to the DD on the previous page.

     Contents of A                        Contents of B                        Who has Access to 'UpdateRecipes'

1    <auth-constraint>                    <auth-constraint>                    Guests and Admins
       <role-name>Guest</role-name>         <role-name>Admin</role-name>
     </auth-constraint>                   </auth-constraint>

2    <auth-constraint>                    <auth-constraint>                    Everybody
       <role-name>Guest</role-name>         <role-name>*</role-name>
     </auth-constraint>                   </auth-constraint>

3    <auth-constraint/>                   <auth-constraint>                    Nobody
                                            <role-name>Admin</role-name>
                                          </auth-constraint>

4    NO <auth-constraint>                 <auth-constraint>                    Everybody
     element                                <role-name>Admin</role-name>
                                          </auth-constraint>


Rules for interpreting this table:

1. When combining individual role names, all of the role
names listed will be allowed.

2. A role name of "*" combines with anything else to
allow access to everybody.

3. An empty <auth-constraint> tag combines with
anything else to allow access to nobody! In other words,
an empty <auth-constraint> is always the final word!

4. If one of the <security-constraint> elements has no
<auth-constraint> element, it combines with anything else
to allow access to everybody.


When two non-empty <auth-constraint>
elements apply to the same
constrained resource, access
is granted to the union of
all roles from both of the
<auth-constraint> elements.
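
The <http-method> rule from the key points and the four combining rules above can be checked mechanically. The Python below is an added example, not code from the book or from any Container; DD_TEMPLATE, roles(), match_rank() and who_has_access() are names made up here, the DD is a constructed copy of the one on the previous page, and selecting the best-matching <url-pattern> first is an assumption taken from the servlet mapping rules the key points refer to.

```python
import xml.etree.ElementTree as ET

# Constructed DD modelled on the two overlapping constraints shown earlier;
# {a} and {b} are the slots the table calls A and B.
DD_TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Recipes</web-resource-name>
      <url-pattern>/Beer/DisplayRecipes/*</url-pattern>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    {a}
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Update</web-resource-name>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <url-pattern>/Beer/UpdateUsers/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    {b}
  </security-constraint>
</web-app>"""


def roles(*names):
    """Build an <auth-constraint>; roles() with no names is the EMPTY tag."""
    inner = "".join("<role-name>%s</role-name>" % n for n in names)
    return "<auth-constraint>%s</auth-constraint>" % inner


def match_rank(pattern, path):
    """Rank a url-pattern against a path (higher is better); None if no match."""
    if pattern == path:
        return (3, len(pattern))                 # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))              # longest path prefix wins
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)                            # extension match
    if pattern == "/":
        return (0, 0)                            # default mapping
    return None


def who_has_access(dd_xml, path, method):
    """Return 'everybody', 'nobody', or a frozenset of allowed role names."""
    candidates = []                              # (rank, methods, auth element)
    for sc in ET.fromstring(dd_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        for wrc in sc.iter("web-resource-collection"):
            methods = {m.text.strip().upper() for m in wrc.iter("http-method")}
            for up in wrc.iter("url-pattern"):
                rank = match_rank(up.text.strip(), path)
                if rank is not None:
                    candidates.append((rank, methods, auth))
    if not candidates:
        return "everybody"                       # resource is not constrained
    best = max(rank for rank, _, _ in candidates)
    # No <http-method> at all constrains ALL methods; otherwise only those listed.
    applicable = [auth for rank, methods, auth in candidates
                  if rank == best and (not methods or method.upper() in methods)]
    if not applicable:
        return "everybody"                       # unlisted method: unconstrained
    allowed, open_to_all = set(), False
    for auth in applicable:
        if auth is None:                         # rule 4: no <auth-constraint>
            open_to_all = True
            continue
        names = [r.text.strip() for r in auth.iter("role-name")]
        if not names:                            # rule 3: empty tag is the final word
            return "nobody"
        if "*" in names:                         # rule 2: wildcard
            open_to_all = True
        allowed.update(n for n in names if n != "*")   # rule 1: union
    return "everybody" if open_to_all else frozenset(allowed)
```

Note the result for a GET on /Beer/UpdateRecipes/*: even with an empty <auth-constraint/> in slot A, the request is open to everybody, because only POST is listed in <http-method>.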

Q: I understand that putting in an empty <auth-constraint/> element
tells the Container that NOBODY from any role can access the
constrained resource. But I don't understand WHY you would ever do
that. What good is a resource that nobody can access?

A: When we said "NOBODY" we meant "Nobody from OUTSIDE the
web app". In other words, a client can't access the constrained resource,
but another part of the web app can. You might want to use a request
dispatcher to forward to another part of the web app, but you don't ever
want clients to request that resource directly. Think of 100% constrained
resources as sort of like private methods in a Java class: for internal use
only.


Q: Why does the <auth-constraint> element go inside
<security-constraint> but NOT inside the <web-resource-collection> element?

A: This way, you can specify a single <auth-constraint> element
(which could include multiple roles), and then specify multiple resource
collections for which the <auth-constraint> role list applies. For example,
you might define an <auth-constraint> for a Frequent Buyer role, and then
put <web-resource-collection> elements in for all the different parts
of the web app where a Frequent Buyer gets special access.


Q: Do I actually have to sit there and type in every one of my users
with their passwords and roles?

A: If you're using the test memory realm from Tomcat, yes. But
chances are, in the real world you're using a production server that gives
you a hook into the LDAP or database where your real user security info is
stored.

Alice's recipe servlet, a story about
programmatic security...

Alice knows that most of the time declarative security is the way to go. It's flexible,
powerful, portable, and robust. As web application architectures have evolved,
individual servlets have become more and more specialized. In the old days, a single
servlet would be used to provide business logic to support employees and managers.
Today, these functions would probably be split into at least two distinct servlets.

But, lucky Alice has just inherited someone else's "RecipeServlet". Alice has heard a
rumour that RecipeServlet uses programmatic security, so she starts looking through
the source code and finds this snippet...


if( request.isUserInRole("Manager")) {
    // do the UpdateRecipe page
} else {
    // do the ViewRecipe page
}


What security step must have
happened before this snippet runs?

What security step is implied by
this snippet?

What part, if any, does the DD
play in this snippet?

How do you think this code works?

What are the implications?

Think about what you've learned so far in this chapter, look at the
small code snippet above, and try to answer the questions.


What if the role of "Manager"
doesn't exist in your container?

Customizing methods: isUserInRole()


In HttpServletRequest, three methods are associated with
programmatic security:

getUserPrincipal(), which is mainly used with EJBs. We won't
cover it in this book.*

getRemoteUser(), which can be used to check authentication
status. It's not commonly used, so we don't cover it in this book
(and there's nothing else you need to know about it for the
exam).

isUserInRole(), which we'll look at now. Instead of authorizing
at the HTTP method level (GET, POST, etc.), you can
authorize access to portions of a method. This gives you a way
to customize how a service method behaves based on the user's
role. If you're in this service method (doGet(), doPost(), etc.),
then the user made it through the declarative authorization,
but now you want to do something in the method conditionally,
based on whether the user is in a particular role.


How it works:

(1) Before isUserInRole() is called, the user needs to be
authenticated. If the method is called on a user that
has not been authenticated, the Container will always
return false.

(2) The Container takes the isUserInRole() argument, in
this example "Manager", and compares it to the roles
defined for the user in this request.

(3) If the user is mapped to this role, the Container
returns true.


I just got this servlet from
Stan in accounting and he's hard-coded
roles that we don't even have.
(What the %$<4# is a superCustomer?)
No way am I gonna redefine all the
roles in my container just so I can
use Stan's stupid servlet.


How do you match up roles in
the DD with roles in a servlet?


* We do, however, know of this
really nice EJB book...

The declarative side of programmatic security


There's a good chance that when a programmer
hard-codes security role names in a servlet (to use as
the argument to isUserInRole()), the programmer was
just making up a fake name. He either didn't know the
real role names, or he's writing a reusable component
that'll be used by more than one company, and those
companies aren't likely to have the exact role names
the programmer used. (Of course, if the programmer
really wants to build reusable components, hard-coding
a role name is a Terrible Idea, but we'll suspend
disbelief for now.)

It turns out that the Deployment Descriptor has a
mechanism for mapping hard-coded (which means
made-up) role names in a servlet to the "official"
<security-role> declarations in your Container.
Imagine, for example, that the programmer used
"Manager" as the isUserInRole() argument, but your
company uses "Admin" as the <security-role>, and
you don't even have a "Manager" security role. So
even if you can't stop a programmer from hard-coding
a role name, you at least have a work-around
when the hard-coded roles don't match your real role
names. Because even if you do have the servlet source
code, do you really want to change, recompile, and
retest your code just to change every instance of
"Manager" to "Admin"?


In the servlet

if( request.isUserInRole("Manager")) {
    // do the UpdateRecipe page
} else {
    // do the ViewRecipe page
}


In the DD

<web-app...>
  <servlet>
    <security-role-ref>
      <role-name>Manager</role-name>
      <role-link>Admin</role-link>
    </security-role-ref>
  </servlet>

  <security-role>
    <role-name>Admin</role-name>
  </security-role>
</web-app>


The Container will use a <security-role-ref>
mapping even IF the programmatic name matches
a "real" <security-role> name.

You might really HAVE a "Manager" security role, but it could
mean something completely different from what the programmer intended.
So the <security-role-ref> always wins
when both include the same <role-name>.
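
The lookup order described above, as an added Python model (it is not the book's code and not a Container's implementation). The DD is constructed: the <servlet-name> and the extra "Manager" <security-role> are assumptions added here to show that the <security-role-ref> wins, and resolve_role(), is_user_in_role() and unresolvable() are hypothetical names. Treating a <role-link> that points at an undeclared role as mapping to nothing is also an assumption of this model.

```python
import xml.etree.ElementTree as ET

# Constructed DD: "Manager" is BOTH a hard-coded name mapped to Admin
# and (for the sake of the demonstration) a real security role.
DD = """<web-app>
  <servlet>
    <servlet-name>RecipeServlet</servlet-name>
    <security-role-ref>
      <role-name>Manager</role-name>
      <role-link>Admin</role-link>
    </security-role-ref>
  </servlet>
  <security-role><role-name>Admin</role-name></security-role>
  <security-role><role-name>Manager</role-name></security-role>
</web-app>"""


def resolve_role(root, servlet_name, role_arg):
    """Return the Container role that role_arg stands for, or None."""
    declared = {r.findtext("role-name", "").strip()
                for r in root.findall("security-role")}
    for servlet in root.findall("servlet"):
        if servlet.findtext("servlet-name", "").strip() != servlet_name:
            continue
        for ref in servlet.findall("security-role-ref"):
            if ref.findtext("role-name", "").strip() == role_arg:
                # The mapping is used even when role_arg is also a real role.
                link = ref.findtext("role-link", "").strip()
                return link if link in declared else None
    # No mapping for this name: fall back to the declared <security-role>s.
    return role_arg if role_arg in declared else None


def is_user_in_role(dd_xml, servlet_name, user_roles, role_arg):
    """Model of isUserInRole(); user_roles is None for an unauthenticated user."""
    if user_roles is None:
        return False                     # not authenticated: always false
    target = resolve_role(ET.fromstring(dd_xml), servlet_name, role_arg)
    return target is not None and target in user_roles


def unresolvable(dd_xml, servlet_name, role_args):
    """Hard-coded names that can never be true with this DD (audit helper)."""
    root = ET.fromstring(dd_xml)
    return [a for a in role_args if resolve_role(root, servlet_name, a) is None]
```

A user whose only Container role is "Manager" gets false for isUserInRole("Manager") here, which is the surprise the last paragraph warns about.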

security exercise


Sharpen your pencil

Assume all security constraints below have the
same <url-pattern> and <http-method> elements.
Based on the combinations shown, decide who
can directly access the constrained resource.

Nobody    Guest    Member    Admin    Everyone


(1)

<security-constraint>
  <auth-constraint>
    <role-name>Guest</role-name>
  </auth-constraint>
</security-constraint>


(2)

<security-constraint>
  <auth-constraint/>
</security-constraint>


(3)

<security-constraint>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <auth-constraint>
    <role-name>Guest</role-name>
  </auth-constraint>
</security-constraint>


(4)

<security-constraint>
  <auth-constraint>
    <role-name>Guest</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>


(5)

<security-constraint>
  <auth-constraint>
    <role-name>Member</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
</security-constraint>

Assume that NO <auth-constraint> is defined
in the second <security-constraint>.


(6)

<security-constraint>
  <auth-constraint>
    <role-name>Member</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <auth-constraint/>
</security-constraint>

Authentication revisited

For a J2EE Container, authentication comes down to this: ask
for a user name and password, then verify that they match.

The first time an un-authenticated user asks for a
constrained resource, the Container will automatically
start the authentication process. There are four types of
authentication the Container can provide, and the main
difference between them is, "How securely is the name and
password info transmitted?"


The FOUR authentication types


BASIC authentication transmits the login information in
an encoded (not encrypted) form. That might sound secure, but
you probably already know that since the encoding scheme
(base64) is really well known, BASIC provides very weak
security.


DIGEST authentication transmits the login information in a
more secure way, but because the encryption mechanism isn't
widely used, J2EE containers aren't required to support it. For
more info on DIGEST authentication, check out the IETF
RFC 2617 (www.ietf.org/rfc/rfc2617.txt).


CLIENT-CERT authentication transmits the login
information in an extremely secure form, using Public Key
Certificates (PKC). The downside to this mechanism is that
your clients need to have a certificate before they can login,
so CLIENT-CERT authentication is used mainly in business to
business scenarios.


The three types above (BASIC, DIGEST, and CLIENT-CERT)
all use the browser's standard pop-up form for inputting the
name and password. But the fourth type, FORM, is different.

FORM authentication lets you create your own custom login
form out of anything that's legal HTML. But... of all four
types, the form-based info is transmitted in the least secure
way. The username and password are sent back in the HTTP
request, with no encryption.

Implementing Authentication

This is the simple part: simply declare the authentication
scheme in the DD. The main DD element for
authentication is <login-config>.


Four <login-config> examples:

<web-app...>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>

- or -

<web-app...>
  <login-config>
    <auth-method>DIGEST</auth-method>
  </login-config>
</web-app>

If your container supports DIGEST, it
will handle ALL the details.

- or -

<web-app...>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
</web-app>

CLIENT-CERT is easy to configure, but your
clients must have certificates. It does
give you EXTRA-STRENGTH protection!

- or -

<web-app...>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/loginPage.html</form-login-page>
      <form-error-page>/loginError.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

FORM is the most complicated
to implement; we'll look at it in
detail on the next page.


Except for FORM, once you've declared
the <login-config> element in the DD,
implementing Authentication is done!
(Assuming you've already configured username/
password/role info into your server.)

Form-Based Authentication


Although there's more to implementing it than with the other forms of authentication,
FORM-based isn't that bad. First, you create your own custom HTML form for the user login
(although this can certainly be generated by a JSP). Then you create a custom HTML error
page for the Container to use when the user makes a login error. Finally, you tie the two
forms together in the DD, using the <login-config> element. Note: if you're using Form-based
authentication, be sure to turn on SSL or session tracking, or your Container might not
recognize the login form when it's returned!


What YOU do:

(1) Declare <login-config> in the DD
(2) Create an HTML login form
(3) Create an HTML error form


Three entries in the HTML
login form are the key to
communicating with the container:

- j_security_check
- j_username
- j_password


(1) In the DD...

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/loginPage.html</form-login-page>
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>


(2) Inside the loginPage.html...

Please login daddy-o

<form method="POST" action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  <input type="submit" value="Enter">
</form>

The Container requires that
the HTTP request will store
the user name in j_username.

The Container requires that the
HTTP request will store the
password in j_password.


(3) Inside the loginError.html...

<html><body>
  Sorry dude, wrong password
</body></html>


Don't relax!

You need to know everything
on this page for the exam!

Summary of Authentication types

This table summarizes key attributes of the four authentication types.
"Spec" refers to whether this type of authentication mechanism is
defined in the HTTP spec or the J2EE spec. (Hint: you'll need to
remember this table when you take the exam.)


Type          Spec   Data Integrity              Comments

BASIC         HTTP   Base64 - weak               HTTP standard, all browsers support it

DIGEST        HTTP   Stronger - but not SSL      Optional for HTTP and J2EE containers

FORM          J2EE   Very weak, no encryption    Allows a custom login screen

CLIENT-CERT   J2EE   Strong - public key (PKC)   Strong, but users must have certificates


Q: What does data integrity
have to do with Authentication?

A: When you're authenticating a
user, she's sending you her username
and password. Data integrity and
confidentiality refers to the degree
to which an eavesdropper can steal
or tamper with this information. In
a moment we'll talk about how
to implement data integrity and
confidentiality during login.

Data integrity means that the data
that arrives is the same as the data
that was sent. In other words, nobody
tampered with it along the way. Data
confidentiality means that nobody
else can see the data along the way.
Most of the time, though, we treat
data integrity and confidentiality as a
single goal: things you do to protect
data during transmission.


Sharpen your pencil

Fill in the missing pieces for this FORM-based
authentication app. This is just to help you memorize the
authentication-related pieces of the DD and the HTML form.
(The answers are on the previous page.)


<login-config>
  <auth-method>________</auth-method>
  <form-login-config>
    <________>/loginPage.html</________>
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>

HTML

Please login daddy-o

<form method="POST" action=________>
  <input type="text" name=________>
  <input type="password" name="j_password">
  <input type="submit" value="Enter">
</form>

Form-based authentication doesn't
have any protection for the data. But I
don't want to use the ugly browser login
window that the other three authentication
types use. Oh if only there were a way to
use my own custom login form, but still
protect the username and password
when they're sent back.


She doesn't know about J2EE's
"protected transport layer connection"


Don't Panic. You can have your custom login cake and secure it too.
You can set it up in the same way you would
to protect an online shopper's credit card number, using your
J2EE-compliant Container's data integrity and confidentiality features.

Securing data in transit: HTTPS to the rescue

When you tell a J2EE Container that you want to implement data
confidentiality and/or integrity, the J2EE spec guarantees that the data to be
transmitted will travel over a "protected transport layer connection". In
other words, Containers are not required to use any specific protocol to handle
secure transmissions, but in practice they nearly all use HTTPS over SSL.


HTTP request: not secured

HTTP over TCP, from the client to the web server and container:

POST /CheckOut.jsp
[request headers]
creditCardNum=5551212343&expDate=0505

What the Bad Eavesdropper sees:

POST /advisor/SelectBeerTaste.do HTTP/1.1
... [request headers here]

creditCardNum=5551212343&expDate=0505


The Bad Eavesdropper gets a
copy of the HTTP request that
contains the client's credit card
info. The data isn't protected, so
it comes over in the body of the
POST in a nice readable form.
The Eavesdropper is happy.


A secured HTTPS over SSL request

HTTPS over SSL over TCP, from the client to the web server and container:

POST /CheckOut.jsp
*?x33J-

gTgvftli ■dr'll
f«66d41dd f666d41dd


The Bad Eavesdropper gets a copy
of the HTTP request that contains
the client's credit card info.

But because it was sent with
extra-strength HTTPS over SSL, he
CANNOT read the information!

Sharpen your pencil


Do you need for every request and
response to be secure? If not, which
parts of your app need protected
transmissions?


Think about what's been covered in this chapter. If your web application is
going to be fast, efficient and secure, you've got some questions to answer
(there are no answers for this one, it's for you to figure out).


What do you think data confidentiality
means?


What do you think data integrity means?

If you could apply transmission security
measures to only some requests and
responses, how would you want to tell the
Container which requests and responses?


Can you think of any other DD elements
that work on the same level of granularity
that you want for declaring protected
transmissions?

How to implement data confidentiality and
integrity sparingly and declaratively

Once again, we turn to the DD. In fact, we'll use our old friend
<security-constraint> for both confidentiality and integrity by adding an element called
<user-data-constraint>. And when you think about it, it makes sense: if you're
thinking about authorization for a resource, you're probably going to consider
whether you want the data transmitted securely.

<web-app...>
  <security-constraint>

    <web-resource-collection>
      <web-resource-name>Recipes</web-resource-name>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
      <role-name>Member</role-name>
    </auth-constraint>

    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

  </security-constraint>
</web-app>


Put these three sub-elements
together to read:

Only Members can make POST
requests to resources found in
the UpdateRecipes directory,
and make sure the transmission
is secure.


Legal values for <transport-guarantee>


NONE

This is the default, and it means there's no data protection.

INTEGRAL

The data must not be changed along the way.

CONFIDENTIAL

The data must not be seen by anybody along the way.


NOTE: although not guaranteed by the spec, in practice virtually every
Container uses SSL for guaranteed transport, which means that both
INTEGRAL and CONFIDENTIAL do the same thing: either one gives you
both confidentiality and integrity. Since you can have only one
<user-data-constraint> per <security-constraint>, some people recommend you use
CONFIDENTIAL, but again, it will probably never matter in practice, unless
you move to a new (and unusual) Container that doesn't use SSL.
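
A DD can be checked for the weak combination this chapter describes: a constraint that triggers a BASIC or FORM login while its <transport-guarantee> is NONE or missing. The Python below is an added example, not part of the book or of any Container; the DD is constructed from the fragment above, and DD_TEMPLATE, BASIC_LOGIN, guarantee() and audit_transport() are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Login types the chapter describes as sent without encryption.
WEAK_LOGIN = {"BASIC", "FORM"}

# Constructed DD based on the fragment above; {udc} and {login} are slots
# for the weak and the corrected variants.
DD_TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Recipes</web-resource-name>
      <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Member</role-name></auth-constraint>
    {udc}
  </security-constraint>
  {login}
</web-app>"""

BASIC_LOGIN = "<login-config><auth-method>BASIC</auth-method></login-config>"


def guarantee(value):
    """Build a <user-data-constraint> with the given <transport-guarantee>."""
    return ("<user-data-constraint><transport-guarantee>%s"
            "</transport-guarantee></user-data-constraint>" % value)


def audit_transport(dd_xml):
    """Return (web-resource-name, problem) for each constraint worth fixing."""
    root = ET.fromstring(dd_xml)
    auth_method = (root.findtext("login-config/auth-method") or "").strip().upper()
    findings = []
    for sc in root.findall("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue                      # no authentication is triggered here
        name = (sc.findtext("web-resource-collection/web-resource-name")
                or "?").strip()
        # NONE is the default when the element is absent.
        level = (sc.findtext("user-data-constraint/transport-guarantee")
                 or "NONE").strip().upper()
        if not auth_method:
            findings.append((name, "auth-constraint but no <login-config>"))
        elif auth_method in WEAK_LOGIN and level == "NONE":
            findings.append(
                (name, "%s login sent with transport-guarantee NONE" % auth_method))
    return findings
```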

Wait, how do you guarantee
that the request data is 
confidential? The Container doesn't 
even know it's supposed to protect the 
transmission until AFTER the client 
makes the request— 



Protecting the request data 

Remember that in the DD, the <security-constraint> is
about what happens after the request. In other words,
the client has already made the request when the
Container starts looking at the <security-constraint>
elements to decide how to respond. The request data has
already been sent over the wire. How can you possibly
remind the browser that, "Oh, by the way... if the user
happens to request this resource, switch to secure
sockets (SSL) before sending the request."


What can you do?


You already know how to force the client to get a
login screen. By defining a constrained resource in
the DD, the Container will automatically trigger the
authentication process when an unauthenticated user
makes the request.


So now we have to figure out how to protect the data
coming in from a request... even (and sometimes
especially) when the client has not yet logged in.

We might want to protect their login data!


Turn the page to see how it all works...
without <transport-guarantee>

Unauthorized client requests a constrained resource that has NO
transport guarantee

1. Client requests /BuyStuff.jsp, which has been configured in the DD
   with a <security-constraint>.

       HTTP over TCP
       POST /BuyStuff.jsp

2. The Container checks the <security-constraint> and finds that
   /BuyStuff is a constrained resource, which means the user MUST be
   authenticated. The Container finds that there is NO
   transport-guarantee for this request.

       web.xml:
       <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>

   "NONE" is the default, so it is what you get even if you do NOT
   specify a DD element for <transport-guarantee>.

3. The Container sends a 401 response to the client, which tells the
   browser to get login information from the user.

       401 Unauthorized
       WWW-Authenticate: Basic realm="user"

4. The browser makes the same request again, but this time with the
   user's login information in the header.

       POST /BuyStuff.jsp
       Authorization: Basic x5w3..=

   Yikes! The client's login information was NOT sent securely. The
   client's username and password were not protected!

5. The Container authenticates the client (checks that username and
   password match the user data configured in the server). Then the
   Container authorizes the request to make sure that this user is in a
   role that's allowed to get the constrained resource. Everything
   checks out, so the response is sent.

       <html>
       Enter Credit Card #
       <input type=text name=ccNum>
       </html>
The Container sends a 301 response to the client that tells the
browser to redirect the request using a secure transport.

    301 Redirect
    Location: HTTPS://...

The browser makes the same resource request again, but this time over
a secure connection. In other words, the resource stays the same, but
the protocol is now HTTPS.

Now the Container sees that the resource is constrained, and that this
user has not authenticated. So now the Container starts the
authentication process by sending a "401" to the browser.

    401 Unauthorized
    WWW-Authenticate: Basic realm="user"

The browser makes the same request again (yes, for the THIRD time),
but this time the request has the user's login data in the header AND
the request comes over using a secure connection. So this time the
client's login data is transmitted securely!

    POST /BuyStuff.jsp
    Authorization: Basic x5w3..=
To make sure the user's login data is transmitted securely, put a
transport guarantee on every constrained resource that could trigger
the login process.

That way, the Container will get the request, but instead of telling
the browser to get the login data, the Container tells the browser,
"You're not supposed to even MAKE this request unless you're using a
secure connection." Then when the client comes back the second time,
the Container THEN says, "Oh, I see that I need login data from the
user." The Container sends back a 401, and the user's login data comes
back in the THIRD request, over a secure connection.
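
One way to check a DD for the gap described above, as an added example (not code from the book): the Java program below parses a constructed web.xml and reports every <security-constraint> that names a role, and so can trigger a login, but has no transport guarantee. The class name, the Member role on /BuyStuff.jsp and the *.do constraint are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example: lists constrained resources whose login data would travel without SSL. */
public class TransportGuaranteeAudit {

    // Constructed sample DD. The first constraint mirrors the Beer/UpdateRecipes
    // exercise; the role on /BuyStuff.jsp and the *.do constraint are assumptions.
    static final String SAMPLE_DD = """
        <web-app>
          <security-constraint>
            <web-resource-collection>
              <web-resource-name>Recipes</web-resource-name>
              <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
              <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint><role-name>Admin</role-name></auth-constraint>
            <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
          </security-constraint>
          <security-constraint>
            <web-resource-collection>
              <web-resource-name>Checkout</web-resource-name>
              <url-pattern>/BuyStuff.jsp</url-pattern>
            </web-resource-collection>
            <auth-constraint><role-name>Member</role-name></auth-constraint>
          </security-constraint>
          <security-constraint>
            <web-resource-collection>
              <web-resource-name>CoolThings</web-resource-name>
              <url-pattern>*.do</url-pattern>
              <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint><role-name>Member</role-name></auth-constraint>
            <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
          </security-constraint>
        </web-app>
        """;

    /** Joins the text of every descendant element with the given tag name. */
    static String texts(Element parent, String tag, String ifNone) {
        NodeList nodes = parent.getElementsByTagName(tag);
        List<String> out = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            out.add(nodes.item(i).getTextContent().trim());
        }
        return out.isEmpty() ? ifNone : String.join(",", out);
    }

    /** One finding per constraint that can trigger a login but has no transport guarantee. */
    static List<String> findUnprotectedLogins(String dd) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Servlet 2.4 DDs use an XML Schema, not a DTD, so DOCTYPEs can be
        // refused outright; this also keeps the audit tool itself safe from XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(dd.getBytes(StandardCharsets.UTF_8)));

        List<String> findings = new ArrayList<>();
        NodeList constraints = doc.getElementsByTagName("security-constraint");
        for (int i = 0; i < constraints.getLength(); i++) {
            Element sc = (Element) constraints.item(i);
            // Only constraints that name a role make the Container ask for credentials.
            if (sc.getElementsByTagName("role-name").getLength() == 0) continue;
            // No <transport-guarantee> element means the default, NONE.
            String guarantee = texts(sc, "transport-guarantee", "NONE");
            if (guarantee.equals("NONE")) {
                findings.add(texts(sc, "url-pattern", "?")
                        + " [" + texts(sc, "http-method", "ALL methods") + "]"
                        + " roles=" + texts(sc, "role-name", "")
                        + " transport-guarantee=NONE");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        for (String finding : findUnprotectedLogins(SAMPLE_DD)) {
            System.out.println("login data unprotected: " + finding);
        }
    }
}
```

The /Beer/UpdateRecipes/* constraint passes because it declares CONFIDENTIAL; the other two are reported, one for the missing element and one for the explicit NONE.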


Dumb Questions

Q: I don't understand why the Container sends back a REDIRECT (301) to
the client when the request comes in without a secure connection.
Doesn't it just redirect back to the same original request?

A: Normally you think of a redirect as meaning "Hey browser, go to a
different URL instead." The redirect is invisible to the client,
remember; the client's browser automatically makes the new request on
the URL specified in the redirect (301) header that comes from the
server.

But with transport security, it's a little different. Instead of
telling the client browser, "Redirect to a different resource", the
Container says, "Redirect to the same resource, but with a different
protocol: use HTTPS instead of HTTP."

Q: So, is HTTPS over SSL just built-in to the Container somehow?

A: It's not guaranteed by the spec, but it's extremely likely that
your Container is using HTTPS over SSL (secure sockets). But it won't
necessarily be automatic! You probably have to configure SSL in your
Container, and more importantly, you need a certificate!

You'll have to check your Container's documentation, but chances are,
your Container can generate a certificate that you can use for
testing, but for production, you'll need to get a Public Key
certification from an "official" source such as VeriSign.

(Certificates and security protocols like HTTPS and SSL are way
outside the scope of the exam, by the way. You're expected to know
only what you have to do in the DD, and why. You're not expected to be
the sys admin and network security master.)
Configure the security aspects of a web application by filling in the
three blocks in the DD. The web application must have the following
behavior:

You want anyone to be able to do a GET on the resources within the
Beer/UpdateRecipes directory (including any subdirectories), but you
want ONLY those with the security role of "Admin" to be able to do a
POST on resources within that directory. Also, you want the data to be
protected so that nobody can eavesdrop.

    <web-app...>
      <security-constraint>



      </security-constraint>
    </web-app>
Sharpen your pencil

Fill out the following table by writing in the relevant DD elements.
You'll see the answers when you turn the page (and don't even LOOK at
the opposite page!).

For each security goal, write what you'd put in the DD.

Security goal: You want the Container to do BASIC authentication
automatically.

Security goal: You want to use your own custom form page, named
"loginPage.html" (and deployed directly at the root of the web app),
and you want "loginError.html" to be displayed if the client cannot be
authenticated.

Security goal: You want to constrain everything with a ".do" extension
so that all clients can do a GET, but only Members can do a POST.
(You do NOT need to include the DD elements needed to configure login
information.)

Security goal: You want to constrain everything within the foo/bar
directory so that only those with a security role of Admin can invoke
ANY HTTP methods on those resources. (You do NOT need to include the
DD elements needed to configure login information.)
Sharpen your pencil ANSWERS

You want everyone to be able to do a GET on the resources within the
Beer/UpdateRecipes directory (including any subdirectories), but you
want ONLY those with the security role of "Admin" to be able to do a
POST on resources within that directory. Also, you want the data to be
protected so that nobody can eavesdrop.

    <web-app...>
      <security-constraint>

        <web-resource-collection>
          <web-resource-name>Recipes</web-resource-name>
          <url-pattern>/Beer/UpdateRecipes/*</url-pattern>
          <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
          <role-name>Admin</role-name>
        </auth-constraint>

        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>

      </security-constraint>
    </web-app>

Note on <auth-constraint>: without an <auth-constraint>, EVERYONE
would be able to do a POST. Admin means that only Admin can access the
combination of the URL pattern and the HTTP Method.

Note on <transport-guarantee>: we could have said INTEGRAL here, and
in virtually all Containers you'd still get confidentiality, because
Containers use SSL for their transport guarantee (although that's not
guaranteed by the spec).
Sharpen your pencil ANSWERS

Security goal: You want the Container to do BASIC authentication
automatically.

What you'd put in the DD:

    <web-app...>
      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>
    </web-app>

Security goal: You want to use your own custom form page, named
"loginPage.html" (and deployed directly at the root of the web app),
and you want "loginError.html" to be displayed if the client cannot be
authenticated.

What you'd put in the DD:

    <web-app...>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/loginPage.html</form-login-page>
          <form-error-page>/loginError.html</form-error-page>
        </form-login-config>
      </login-config>
    </web-app>

Security goal: You want to constrain everything with a ".do" extension
so that all clients can do a GET, but only Members can do a POST.

You configure two things: a constrained resource (the URL pattern plus
the HTTP Method), and the <auth-constraint> that defines the security
role that can access the specified <http-method> on the specified
<url-pattern>.

What you'd put in the DD:

    <web-app...>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>CoolThings</web-resource-name>
          <url-pattern>*.do</url-pattern>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>Member</role-name>
        </auth-constraint>
      </security-constraint>
    </web-app>

We used the extension URL pattern that always starts with an asterisk
(*).

Security goal: You want to constrain everything within the foo/bar
directory so that only those with a security role of Admin can invoke
any HTTP methods on those resources.

What you'd put in the DD:

    <web-app...>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Stuff</web-resource-name>
          <url-pattern>/foo/bar/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>Admin</role-name>
        </auth-constraint>
      </security-constraint>
    </web-app>

We left off <http-method> so that ALL HTTP Methods are constrained to
be accessible only to those in the Admin role.
Sharpen your pencil ANSWERS

Nobody    Guest    Member    Admin    Everyone

    <security-constraint>
      <auth-constraint>
        <role-name>Guest</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint/>
    </security-constraint>

    <security-constraint>
      <auth-constraint>
        <role-name>Admin</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint>
        <role-name>Guest</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint>
        <role-name>Guest</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint>
        <role-name>Member</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      ...
    </security-constraint>
    (Assume that NO <auth-constraint> is defined.)

    <security-constraint>
      <auth-constraint>
        <role-name>Member</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <auth-constraint/>
    </security-constraint>
Mock Exam Chapter 12

1. Which security mechanisms always operate independently of the
   transport layer? (Choose all that apply.)

   □ A. authorization
   □ B. data integrity
   □ C. authentication
   □ D. confidentiality

2. Given a deployment descriptor with three valid
   <security-constraint> elements, all constraining web resource A,
   whose respective <auth-constraint> sub-elements are:

       <auth-constraint>
         <role-name>Bob</role-name>
       </auth-constraint>

       <auth-constraint/>

       <auth-constraint>
         <role-name>Alice</role-name>
       </auth-constraint>

   Who can access resource A?

   □ A. no one
   □ B. anyone
   □ C. only Bob
   □ D. only Alice
   □ E. only Bob and Alice
   □ F. anyone but Bob or Alice
3. Which activities would be addressed via a J2EE 1.4 container's data
   integrity mechanism? (Choose all that apply.)

   □ A. Verifying that a specific user is allowed access to a specific
        HTML page.
   □ B. Ensuring that an eavesdropper can't read an HTTP message being
        sent from the client to the container.
   □ C. Verifying that a client making a request for a constrained JSP
        has the proper role credentials to access the JSP.
   □ D. Ensuring that a hacker can't alter the contents of an HTTP
        message while it is in transit from the container to a client.

4. Which are required fields in the login form when using Form Based
   Authentication? (Choose all that apply.)

   □ A. pw
   □ B. id
   □ C. j_pw
   □ D. j_id
   □ E. password
   □ F. j_password

5. Which authentication types require a specific type of HTML action?
   (Choose all that apply.)

   □ A. HTTP Basic Authentication
   □ B. Form Based Authentication
   □ C. HTTP Digest Authentication
   □ D. HTTPS Client Authentication
6. Which security mechanisms can be implemented by using a method in
   the HttpServletRequest interface? (Choose all that apply.)

   □ A. authorization
   □ B. data integrity
   □ C. authentication
   □ D. confidentiality

7. Which HttpServletRequest method is most closely associated with the
   use of the <security-role-ref> element?

   □ A. getHeader
   □ B. getCookies
   □ C. isUserInRole
   □ D. getUserPrincipal
   □ E. isRequestedSessionIDValid

8. Which deployment descriptor elements can contain a
   <transport-guarantee> sub-element? (Choose all that apply.)

   □ A. <auth-constraint>
   □ B. <security-role-ref>
   □ C. <form-login-config>
   □ D. <user-data-constraint>

9. Which authentication mechanism is recommended to be used only if
   cookies or SSL session tracking is in place?

   □ A. HTTP Basic Authentication
   □ B. Form Based Authentication
   □ C. HTTP Digest Authentication
   □ D. HTTPS Client Authentication
Chapter 12 Answers

1. Which security mechanisms always operate independently of the
   transport layer? (Choose all that apply.)

   ☑ A. authorization
   □ B. data integrity
   □ C. authentication
   □ D. confidentiality

- Option A is correct. Authorization operates completely within the
Container once authentication has occurred. Authentication can
affect the transport layer based on how the
u . _Ll_K is set. 


2. Given a deployment descriptor with three valid
   <security-constraint> elements, all constraining web resource A,
   whose respective <auth-constraint> sub-elements are:
   (Servlet spec)

       <auth-constraint>
         <role-name>Bob</role-name>
       </auth-constraint>

       <auth-constraint/>

       <auth-constraint>
         <role-name>Alice</role-name>
       </auth-constraint>

   Who can access resource A?

   ☑ A. no one
   □ B. anyone
   □ C. only Bob
   □ D. only Alice
   □ E. only Bob and Alice
   □ F. anyone but Bob or Alice

   - Option A is correct. The existence of an empty <auth-constraint>
     element overrides all other <auth-constraint> elements that refer
     to that resource, precluding access.
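
The combination rule behind this answer, as an added example that is not part of the book: the Java code below computes who can reach a resource covered by several <security-constraint> elements. Only the empty <auth-constraint/> override is stated in this section; the union of roles, the `*` shorthand for every declared role, and open access when a constraint has no <auth-constraint> follow the Servlet specification's rules for combining constraints. The class and method names and the list of declared roles are hypothetical.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;

/** Added example: who can reach a resource covered by several security constraints. */
public class AuthConstraintCombiner {

    /** The <auth-constraint> of one <security-constraint>. */
    static final class AuthConstraint {
        final boolean present;    // false: the constraint has no <auth-constraint> at all
        final Set<String> roles;  // empty while present is true: <auth-constraint/>

        private AuthConstraint(boolean present, String... roles) {
            this.present = present;
            this.roles = new TreeSet<>(Arrays.asList(roles));
        }

        static AuthConstraint absent() {
            return new AuthConstraint(false);
        }

        static AuthConstraint of(String... roles) {
            return new AuthConstraint(true, roles);
        }
    }

    /** Combines every constraint that matches the same resource and HTTP method. */
    static String whoCanAccess(Set<String> declaredRoles, AuthConstraint... constraints) {
        boolean noLoginNeeded = false;
        Set<String> allowed = new TreeSet<>();
        for (AuthConstraint ac : constraints) {
            if (!ac.present) {
                noLoginNeeded = true;            // one open constraint opens the resource
            } else if (ac.roles.isEmpty()) {
                return "no one";                 // <auth-constraint/> overrides everything else
            } else if (ac.roles.contains("*")) {
                allowed.addAll(declaredRoles);   // "*" stands for every role declared in the DD
            } else {
                allowed.addAll(ac.roles);        // otherwise the named roles add up
            }
        }
        return noLoginNeeded ? "anyone" : "only " + allowed;
    }

    public static void main(String[] args) {
        // Hypothetical set of roles declared in the DD.
        Set<String> declared =
                new TreeSet<>(Arrays.asList("Admin", "Alice", "Bob", "Guest", "Member"));

        // Question 2 of the mock exam: Bob, an empty <auth-constraint/>, Alice.
        System.out.println(whoCanAccess(declared,
                AuthConstraint.of("Bob"), AuthConstraint.of(), AuthConstraint.of("Alice")));

        // Two named roles: access is the union of both.
        System.out.println(whoCanAccess(declared,
                AuthConstraint.of("Guest"), AuthConstraint.of("Admin")));

        // A named role next to "*": every declared role gets in.
        System.out.println(whoCanAccess(declared,
                AuthConstraint.of("Guest"), AuthConstraint.of("*")));

        // A named role next to a constraint with no <auth-constraint>: no login needed.
        System.out.println(whoCanAccess(declared,
                AuthConstraint.of("Member"), AuthConstraint.absent()));

        // The empty element wins even against a constraint with no <auth-constraint>.
        System.out.println(whoCanAccess(declared,
                AuthConstraint.absent(), AuthConstraint.of()));
    }
}
```

When reviewing a DD, the two cases worth a second look are a forgotten <auth-constraint> that silently opens a resource and an empty one that locks everyone out.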
3. Which activities would be addressed via a J2EE 1.4 container's data
   integrity mechanism? (Choose all that apply.) (Servlet spec)

   □ A. Verifying that a specific user is allowed access to a specific
        HTML page.
   □ B. Ensuring that an eavesdropper can't read an HTTP message being
        sent from the client to the container.
   □ C. Verifying that a client making a request for a constrained JSP
        has the proper role credentials to access the JSP.
   ☑ D. Ensuring that a hacker can't alter the contents of an HTTP
        message while it is in transit from the container to a client.

   - Option B describes confidentiality.
   - Option D is correct. This would typically be accomplished through
     the use of HTTPS.

4. Which are required fields in the login form when using Form Based
   Authentication? (Choose all that apply.) (Servlet spec, 12.5)

   □ A. pw
   □ B. id
   □ C. j_pw
   □ D. j_id
   □ E. password
   ☑ F. j_password

   - Option F is correct; the user's password must be stored in a
     field called j_password. In addition, the user's name must be
     stored in j_username.

5. Which authentication types require a specific type of HTML action?
   (Choose all that apply.) (Servlet spec)

   □ A. HTTP Basic Authentication
   ☑ B. Form Based Authentication
   □ C. HTTP Digest Authentication
   □ D. HTTPS Client Authentication

   - Option B is correct. For form-based authentication to work, the
     action of the login form must be j_security_check.
6. Which security mechanisms can be implemented by using a method in
   the HttpServletRequest interface? (Choose all that apply.)
   (Servlet spec)

   ☑ A. authorization
   □ B. data integrity
   ☑ C. authentication
   □ D. confidentiality

   - Option A is correct. The isUserInRole method can be used
     programmatically, to help determine whether a client's role is
     authorized to access a given resource.
   - Option C is correct. The getRemoteUser method can be used
     programmatically, to help determine whether a client has been
     authenticated.

7. Which HttpServletRequest method is most closely associated with the
   use of the <security-role-ref> element? (Servlet spec)

   □ A. getHeader
   □ B. getCookies
   ☑ C. isUserInRole
   □ D. getUserPrincipal
   □ E. isRequestedSessionIDValid

   - Option C is correct. The <security-role-ref> element is used to
     map roles hardcoded in a servlet to roles declared in the
     deployment descriptor. The isUserInRole method is used in a
     servlet to test the <security-role-ref> elements.

8. Which deployment descriptor elements can contain a
   <transport-guarantee> sub-element? (Choose all that apply.)
   (Servlet spec)

   □ A. <auth-constraint>
   □ B. <security-role-ref>
   □ C. <form-login-config>
   ☑ D. <user-data-constraint>

- Option D is correct. A <transport-guarantee> element is used within
a <user-data-constraint> element to specify whether a web resource
collection should be transmitted using a mechanism
.. <l ». co 

Maun j»ot_ 


9. Which authentication mechanism is recommended to be used only if
   cookies or SSL session tracking is in place? (Servlet spec)

   □ A. HTTP Basic Authentication
   ☑ B. Form Based Authentication
   □ C. HTTP Digest Authentication
   □ D. HTTPS Client Authentication

   - Option B is correct. Form based login session tracking can be
     difficult to implement, therefore a separate session tracking
     mechanism is recommended.
13 filters and wrappers

The Power of Filters

Filters let you intercept the request. And if you can intercept the
request, you can also control the response. And best of all, the
servlet remains clueless. It never knows that someone stepped in
between the client request and the Container's invocation of the
servlet's service() method. What does that mean to you? More
vacations. Because the time you would have spent rewriting just one of
your servlets can be spent instead writing and configuring a filter
that has the ability to affect all of your servlets. Want to add user
request tracking to every servlet in your app? No problem. Want to
manipulate the output from every servlet in your app? No problem. And
you don't even have to touch the servlet code. Filters may be the most
powerful web app development tool you have.
Official Sun exam objectives

Filters

3.3 Describe the Web Container request processing model; write and
    configure a filter; create a request or response wrapper; and
    given a design problem, describe how to apply a filter or wrapper.

    Coverage Notes: This objective is covered completely in this
    chapter.

11.1 Given a scenario description with a list of issues, select a
     pattern that would solve the issues. The list of patterns you
     must know are: Intercepting Filter, Model-View-Controller, Front
     Controller, Service Locator, Business Delegate, and Transfer
     Object.

11.2 Match design patterns with statements describing potential
     benefits that accrue from the use of the pattern, for any of the
     following patterns: Intercepting Filter, Model-View-Controller,
     Service Locator, Business Delegate, and Transfer Object.

     Coverage Notes: Filters, which are covered in this chapter, are
     an example of (imagine this) the Intercepting Filter pattern. We
     don't cover the pattern-specific material until the Patterns
     chapter, but it's in THIS chapter where you actually see a design
     that demonstrates the Intercepting Filter pattern.
Enhancing the entire web application

Sometimes you need to enhance your system in ways that span many
different use cases or requests. For example, you might want to keep
track of your system's response times, across all of its different
user interactions.
How about some kind of "filter"?

Filters are Java components, very similar to servlets, that you can
use to intercept and process requests before they are sent to the
servlet, or to process responses after the servlet has completed, but
before the response goes back to the client.

The Container decides when to invoke your filters based on
declarations in the DD. In the DD, the deployer maps which filters
will be called for which request URL patterns. So it's the deployer,
not the programmer, who decides which subset of requests or responses
should be processed by which filters.

Fun things to do with Filters

Request filters can:

► perform security checks
► reformat request headers or bodies
► audit or log requests

Response filters can:

► compress the response stream
► append or alter the response stream
► create a different response altogether

There is only ONE filter interface, Filter.

There's no such thing as a RequestFilter or ResponseFilter interface;
it's just Filter. When we talk about a request filter versus a
response filter, we're talking only about how you USE the filter, not
the actual filter interface. As far as the Container is concerned,
there is only one kind of filter: anything that implements the Filter
interface.
Filters are modular, and configurable in the DD

Filters can be chained together, to run one after the other. Filters
are designed to be totally self-contained. A filter doesn't care which
(if any) filters ran before it did, and it doesn't care which one will
run next.*

The DD controls the order in which filters run; we'll talk about
filter DD configuration a little later in the chapter.

DD configuration 1:

Using the DD, you can link them together by telling the Container:
"For these URLs, run filter 1, then filter 7, then filter 3, then run
the target servlet."

[Diagram: Filter 1, Filter 7, Filter 3]

DD configuration 2:

Then, with a quick change to the DD, you can delete and swap them
with: "For these URLs, run filter 3, then filter 7, and then the
target servlet."

[Diagram: Client, Filter 3, Filter 7, Servlet. Filter 3 and filter 7
are in a different order. Nothing new for the servlet, which is, as
always, clueless.]

* We're fudging a little. The deployer often does need to configure
the order based on the consequences of the transformations performed
by the filters. You wouldn't, for example, add a watermark to an image
after you applied a compression filter. In that example, the watermark
filter would have to do its thing before the data hits the compression
filter. The point is, you as the programmer will not build
dependencies into your code.
If filters are like servlets, then I'm guessing they must be invoked
by the Container, just like servlets. They probably have their own
lifecycle...

Three ways filters are like servlets

Kim's right, filters live in the Container. In many ways they're
similar to their co-residents, servlets. Here are a few ways in which
filters are like servlets:

The Container knows their API

Filters have their own API. When a Java class implements the Filter
interface, it's striking a deal with the Container, and it goes from
being a plain old class to being an official J2EE Filter. Other
members of the filter API allow filters to get access to the
ServletContext, and to be linked to other filters.

The Container manages their lifecycle

Just like servlets, filters have a lifecycle. Like servlets, they have
init() and destroy() methods. Similar to a servlet's doGet()/doPost()
methods, filters have a doFilter() method.

They're declared in the DD

A web app can have lots of filters, and a given request can cause more
than one filter to execute. The DD is the place where you declare
which filters will run in response to which requests, and in which
order.
Building the request tracking filter

Our task is to enhance the Beer application so that whenever someone
requests any of the resources associated with updating recipes, we'll
be able to keep track of who made the request. Here's one version of
what such a filter might look like.

    package com.example.web;

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;

    // Every filter MUST implement the Filter interface
    public class BeerRequestFilter implements Filter {

        private FilterConfig fc;

        // You must implement init(); usually you just save the config object
        public void init(FilterConfig config) throws ServletException {
            this.fc = config;
        }

        public void doFilter(ServletRequest req,
                             ServletResponse resp,
                             FilterChain chain)
                throws ServletException, IOException {

            // We're pretty sure that we can cast the request and
            // response to their HTTP subtypes
            HttpServletRequest httpReq = (HttpServletRequest) req;
            String name = httpReq.getRemoteUser();
            if (name != null) {
                fc.getServletContext().log("User " + name + " is updating");
            }

            // This is how the next filter or servlet in line gets called;
            // lots more on this in the next couple of pages
            chain.doFilter(req, resp);
        }

        // You must implement destroy(), but usually it's empty
        public void destroy() {
            // do cleanup stuff
        }
    }
A filter's life cycle

Every filter must implement the three methods in the Filter interface:
init(), doFilter(), and destroy().

First there's init()

When the Container decides to instantiate a filter, the init() method
is your chance to do any set-up tasks before the filter is called. The
most common implementation was shown on the previous page: saving a
reference to the FilterConfig object for later use in the filter.

doFilter() does the heavy lifting

The doFilter() method is called every time the Container determines
that the filter should be applied to the current request. The
doFilter() method takes three arguments:

► A ServletRequest (not an HttpServletRequest)
► A ServletResponse (not an HttpServletResponse)!
► A FilterChain

The doFilter() method is your chance to implement your filter's
function. If your filter is supposed to log user names to a file, do
it in doFilter(). Want to compress the response output? Do it in
doFilter().

In the end there's destroy()

When the Container decides to remove a filter instance, it calls the
destroy() method, giving you a chance to do any cleanup you need to do
before the instance is destroyed.

there are no Dumb Questions

Q: What is a FilterChain?

A: A FilterChain is the coolest thing in all of Filter-dom. Filters
are designed to be modular building blocks you can mix together in a
variety of ways to make a combination of things happen, and the
FilterChain is a big part of what makes this possible. It's the thing
that knows what comes next. We already mentioned that the filters (not
to mention the servlet) shouldn't know anything about the other
filters involved in the request, but someone needs to know the order,
and that someone is the FilterChain, driven by the filter elements you
specify in the DD.

By the way, FilterChain is in the same package as Filter,
javax.servlet.

Q: I noticed that in your doFilter() method you made this call:
chain.doFilter()... What's a doFilter() doing inside a doFilter()?
You're not gonna get all recursive on us, are you?

A: The FilterChain interface's doFilter() is a little bit different
than the Filter interface's doFilter(). Here's the main difference.

The doFilter() method of the FilterChain takes care of figuring out
whose doFilter() method to invoke next (or, if it's the end of the
chain, which servlet's service() method), but the doFilter() method in
a Filter actually does the filtering, the thing the filter was created
to do.

This means a FilterChain can invoke EITHER a filter or a servlet,
depending on whether it's the end of the chain. The end of the chain
is always either a servlet or a JSP (which means a JSP's generated
servlet, of course), assuming the Container is able to map the request
URL to a servlet or JSP. (If the Container can't locate the right
resource for the request, the filter is never invoked.)
Think of filters as being "stackable"

The servlet spec doesn't dictate how the chain.doFilter(req, resp)
method is handled inside the container. In practice, though, you can
think of the process of filters chaining to each other as if they were
simply method calls on a single stack. We know there's more going on
behind the scenes in the Container, but we don't care, as long as we
can predict how our filters will run, and a conceptual (if not
physical) stack lets us do that.

A conceptual call stack example

In this example, a request for Servlet A will be filtered by two
filters, Filter3, then Filter7.

This "conceptual stack" is just a way to think about filter chain
invocations. We don't know (or care) how the Container actually
implements this, but thinking of it this way lets you predict how your
filter chain will behave.

1. Upon getting the request, the Container calls Filter3's doFilter()
   method, which runs until it encounters its chain.doFilter() call.
   (The stack: Filter3 doFilter().)

2. The Container pushes Filter7's doFilter() method on the top of the
   stack, where it executes until it reaches its chain.doFilter()
   call. (The stack: Filter7 doFilter() on top of Filter3 doFilter().)

3. The Container pushes Servlet A's service() method on the top of the
   stack, where it executes to completion, and is then popped off the
   stack. (The stack: Servlet A service() on top of Filter7 and
   Filter3.)

4. The Container returns control to Filter7, where its doFilter()
   method completes and is then popped off. (The stack: Filter7 on top
   of Filter3.)

5. The Container returns control to Filter3, where its doFilter()
   method completes, and is popped off. Then the Container completes
   the response. (The stack: Filter3.)
configuring filters 


Declaring and ordering filters 


When you configure filters in the DD, you'll usually do three things: 

► Declare your filter 

► Map your filter to the web resources you want to filter 

► Arrange these mappings to create filter invocation sequences 

Declaring a filter 

<filter> 
  <filter-name>BeerRequest</filter-name> 
  <filter-class>com.example.web.BeerRequestFilter</filter-class> 
  <init-param> 
    <param-name>LogFileName</param-name> 
    <param-value>UserLog.txt</param-value> 
  </init-param> 
</filter> 


Rules for <filter> 

► The <filter-name> is mandatory 

► The <filter-class> is mandatory 

► The <init-param> is optional and you can have many 

Declaring a filter mapping to a URL pattern 

<filter-mapping> 
  <filter-name>BeerRequest</filter-name> 
  <url-pattern>*.do</url-pattern> 
</filter-mapping> 


Declaring a filter mapping to a servlet name 

<filter-mapping> 
  <filter-name>BeerRequest</filter-name> 
  <servlet-name>AdviceServlet</servlet-name> 
</filter-mapping> 


Rules for <filter-mapping> 

► The <filter-name> is mandatory and it is used 
to link to the correct <filter> element 

► Either the <url-pattern> or the 
<servlet-name> element is mandatory 

► The <url-pattern> element defines which web 
app resources will use this filter 

► The <servlet-name> element defines which 
single web app resource will use this filter 

IMPORTANT: The Container's rules for ordering filters: 

When more than one filter is mapped to a given resource, the Container uses the following rules: 

1) ALL filters with matching URL patterns are located first. This is NOT the same as the URL mapping 
rules the Container uses to choose the "winner" when a client makes a request for a resource, because 
ALL filters that match will be placed in the chain!! Filters with matching URL patterns are placed in the 
chain in the order in which they are declared in the DD. 

2) Once all filters with matching URLs are placed in the chain, the Container does the same thing with 
filters that have a matching <servlet-name> in the DD. 


Isn't THAT typical... they give us a way 
to filter requests coming from a client, 
and they just forget all about requests 
that WE generate through forwards and 
request dispatches. Geez, they treat 
request dispatching like it's a second-class 
invocation technique?! 



News Flash: As of version 2.4, filters 
can be applied to request dispatchers 

Think about it. It's great that filters can be applied to requests 
that come directly from the client. But what about resources 
requested from a forward or include, request dispatch, 
and/or the error handler? Servlet spec 2.4 to the rescue. 


Declaring a filter mapping for 
request-dispatched web resources 

<filter-mapping> 
  <filter-name>MonitorFilter</filter-name> 
  <url-pattern>*.do</url-pattern> 
  <dispatcher>REQUEST</dispatcher> 
      - and / or - 
  <dispatcher>INCLUDE</dispatcher> 
      - and / or - 
  <dispatcher>FORWARD</dispatcher> 
      - and / or - 
  <dispatcher>ERROR</dispatcher> 
</filter-mapping> 


Declaration Rules 

► The <filter-name> is mandatory 

► Either the <url-pattern> or <servlet-name> 
element is mandatory 

► You can have from 0 to 4 <dispatcher> elements 

► A REQUEST value activates the filter for client 
requests. If no <dispatcher> element is present, 
REQUEST is the default 

► An INCLUDE value activates the filter for request 
dispatching from an include() call 

► A FORWARD value activates the filter for request 
dispatching from a forward() call 

► An ERROR value activates the filter for resources 
called by the error handler 
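
The Container's ordering rules and the <dispatcher> rules above, modeled together as an added example (not code from the book or from any Container). The AuditFilter, LogFilter and AuthFilter mappings, the ReportServlet name and the /admin/report.do path are constructed, and URL matching covers only exact, /prefix/* and *.ext patterns.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Added example: a model of the DD rules above, not Container code.
// Filter names, servlet name and path are constructed for illustration.
public class FilterChainOrder {

    enum Dispatcher { REQUEST, INCLUDE, FORWARD, ERROR }

    /** One <filter-mapping>; exactly one of urlPattern / servletName is non-null. */
    static final class Mapping {
        final String filterName;
        final String urlPattern;
        final String servletName;
        final Set<Dispatcher> dispatchers;

        Mapping(String filterName, String urlPattern, String servletName, Dispatcher... ds) {
            this.filterName = filterName;
            this.urlPattern = urlPattern;
            this.servletName = servletName;
            // No <dispatcher> element present: REQUEST is the default.
            this.dispatchers = (ds.length == 0)
                    ? EnumSet.of(Dispatcher.REQUEST)
                    : EnumSet.copyOf(Arrays.asList(ds));
        }
    }

    /** Exact, path-prefix ("/x/*") and extension ("*.do") matching. */
    static boolean urlMatches(String pattern, String path) {
        if (pattern.equals(path)) {
            return true;
        }
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            int dot = path.lastIndexOf('.');
            return dot > path.lastIndexOf('/')
                    && path.substring(dot).equals(pattern.substring(1));
        }
        return false;
    }

    /** Builds the filter chain for one invocation of the target servlet. */
    static List<String> chainFor(List<Mapping> dd, String path,
                                 String servletName, Dispatcher how) {
        List<String> chain = new ArrayList<>();
        // Rule 1: ALL matching <url-pattern> mappings first, in DD order.
        for (Mapping m : dd) {
            if (m.urlPattern != null && m.dispatchers.contains(how)
                    && urlMatches(m.urlPattern, path)) {
                chain.add(m.filterName);
            }
        }
        // Rule 2: then the matching <servlet-name> mappings, in DD order.
        for (Mapping m : dd) {
            if (m.servletName != null && m.dispatchers.contains(how)
                    && m.servletName.equals(servletName)) {
                chain.add(m.filterName);
            }
        }
        return chain;
    }

    public static void main(String[] args) {
        // Mappings in the order they would appear in the DD.
        List<Mapping> dd = Arrays.asList(
            new Mapping("AuditFilter", null, "ReportServlet",
                        Dispatcher.REQUEST, Dispatcher.FORWARD),
            new Mapping("LogFilter", "*.do", null,
                        Dispatcher.REQUEST, Dispatcher.FORWARD),
            new Mapping("AuthFilter", "/admin/*", null));   // no <dispatcher>: REQUEST only

        String path = "/admin/report.do";
        // Client request: URL-pattern filters in DD order, then the servlet-name
        // filter, even though AuditFilter is declared first.
        System.out.println("REQUEST: "
                + chainFor(dd, path, "ReportServlet", Dispatcher.REQUEST));
        // Same target reached through a forward() call: AuthFilter is not in
        // the chain because its mapping has no FORWARD dispatcher.
        System.out.println("FORWARD: "
                + chainFor(dd, path, "ReportServlet", Dispatcher.FORWARD));
    }
}
```

With these mappings the forwarded dispatch reaches ReportServlet without AuthFilter in the chain, so a filter that enforces an access check needs the FORWARD (and, where relevant, INCLUDE and ERROR) dispatcher values if dispatched requests must pass through it too.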
filter configuration exercise 


Sharpen your pencil 

Based on the following DD fragment, write down the sequence in which 
the filters will be executed for each request path. Assume Filter1 through 
Filter5 have been properly declared, and that the servlet names are the 
same as their mappings. (Answers are at the end of this chapter.) 


<filter-mapping> 
  <filter-name>Filter1</filter-name> 
  <url-pattern>/Recipes/*</url-pattern> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter2</filter-name> 
  <servlet-name>/Recipes/HopsList.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter3</filter-name> 
  <url-pattern>/Recipes/Add/*</url-pattern> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter4</filter-name> 
  <servlet-name>/Recipes/Modify/ModRecipes.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter5</filter-name> 
  <url-pattern>/*</url-pattern> 
</filter-mapping> 


Request path 

Filter Sequence 

/Recipes/HopsReport.do 

Filters: 

/Recipes/HopsList.do 

Filters: 

/Recipes/Modify/ModRecipes.do 

Filters: 

/HopsList.do 

Filters: 

/Recipes/Add/AddRecipes.do 

Filters: 


Compressing output with a response-side filter 

Earlier we showed a very simple request filter. But now we'll look at a response 
filter. Response filters are a bit trickier, but they can be incredibly useful. They 
let us do something to the response output after the servlet does its thing, 
but before the response is sent to the client. So instead of stepping in at the 
beginning, before the servlet gets the request, we step in at the end, after the 
servlet gets the request and generates a response. 

Well, sort of... think about it. Filters are always invoked in the chain before the 
servlet. There's no such thing as a filter that is invoked only after the servlet. 
But... remember that stack picture. The filter gets another shot at this after 
the servlet completes its work and is popped off the (virtual) stack! 
a response filter 


Architecture of a response filter 

Rachel is talking about the basic structure of what you put in 
a doFilter() method: first you do work related to the request, 
then you call chain.doFilter(), then finally, when the servlet (and 
any other filter in the chain after your filter) completes and 
control is returned to your original doFilter() method, you can 
do something to the response. 

Rachel's pseudo-code for the compression filter 

class MyCompressionFilter implements Filter { 

    init(); 

    public void doFilter(request, response, chain) { 
        // this is where request handling would go 
        chain.doFilter(request, response); 
        // do compression logic here 
    } 

    destroy(); 
} 


The conceptual call stack 

1) The Compression filter's doFilter() method runs, and 
invokes chain.doFilter(). It's too early to do any compression: 
the goal is to compress the response output from the servlet. 

2) The Servlet's service() method goes on the top of the stack, 
does some work, generates a response output, and completes. 

3) Now that the Servlet's service() method has popped off the 
stack, the rest of the compression filter's doFilter() method can 
run, and (it hopes) do the compression on whatever the servlet 
wrote to the response output! 
But is it really that simple? 

Does compressing the response really involve nothing more than 
waiting for the servlet to finish, then compressing the servlet's 
response output? After all, the filter's doFilter() method has a 
reference to the same response object that went to the servlet, so in 
theory, the filter should have access to the response output... 


public void doFilter(request, response, chain) { 
    // this is where request handling would go 
    chain.doFilter(request, response);   // (1), (2) 
    // do compression logic here         // (3) 
} 


1) The filter passes the request and response to the servlet and 
waits patiently for its chance to compress stuff. 

2a) The servlet does its thing, creating output, blissfully unaware 
that this very same output was supposed to be compressed. 

2b) The output goes back through the Container and... 

2c) It's sent back to the client! Hmmm... this could be a problem. 
The filter was hoping to have a chance to do something to the 
output (compress it) before the output went to the client. 

3) The call to chain.doFilter() has returned, and the filter was hoping 
to grab the output and start compressing... 

EXCEPT it's too late! The output was already sent to the client! The Container 
doesn't buffer the output for the filter. By the time the filter's own doFilter() 
method is at the top of the (conceptual) stack, it's too late for the filter to 
affect the output. 
filtering the output 


The output has left the building 


Think about this for a minute... the servlet 
actually gets the output stream or writer 
from the response object. What if instead 
of passing the REAL response object to the servlet, 
your filter swapped in a custom response object 
with an output stream that you control? Nobody 
said the filter has to pass the REAL response 
when it calls chain.doFilter()... 


[Figure: the Container passes the original request and response to the Filter; 
the Filter passes a different response to the Servlet in its chain.doFilter() call.] 
We can implement our OWN response 

The Container already implements the HttpServletResponse interface; that's 
what you get in the doFilter() and service() methods. But to get this compression 
filter working, we have to make our own custom implementation of the 
HttpServletResponse interface and pass that to the servlet via the chain.doFilter() 
call. And that custom implementation has to also include a custom output stream as 
well, since that's the goal: to capture the output after the servlet writes to it but 
before it goes back to the client. 


► The filter passes a custom "MyResponse", which implements HttpServletResponse 
(instead of the original REAL response the Container passed to the filter). 

► The "MyResponse" object also has a custom output stream that compresses the data 
written by the servlet, and then sends the compressed data to the original output 
stream (that goes back to the client). 

► The "MyResponse" object delegates (passes through) most of the calls it receives 
to the "real" response object. 


Q: Filters pass ServletRequest and ServletResponse objects to the next 
thing in the chain, NOT HttpServletResponse! So why are you talking about 
implementing HttpServletResponse? 

A: Filters were designed to be generic, and so officially, you're right. If we 
thought one of our filters might be used in a non-web app, we'd be implementing 
the non-HTTP interface (ServletResponse), but today, the chances of someone 
developing non-HTTP servlets is close to zero, so we're not worried. And since 
ServletResponse is the supertype of HttpServletResponse, there's no problem passing 
an HttpServletResponse where a ServletResponse is expected. 
implementing HttpServletResponse 


She doesn't know about the servlet Wrapper classes 

Creating your own custom HttpServletResponse 
implementation would be a pain. Especially when all 
you want to implement are just a few of the methods. 

And since HttpServletResponse is an interface that 
extends another interface, to implement your own 
custom response, you'd have to implement everything 
in both HttpServletResponse and its superinterface, 
ServletResponse. 

But fortunately, someone at Sun did that for you, by 
creating a support convenience class that implements the 
HttpServletResponse interface. All of the methods in that 
class delegate the calls to the underlying real response 
created by the Container. 


ServletResponse interface 
(javax.servlet.ServletResponse) 

    «interface» ServletResponse 
    getBufferSize() 
    setContentType() 
    getOutputStream() 
    getWriter() 
    // MANY more methods 


HttpServletResponse interface 
(javax.servlet.http.HttpServletResponse) 

    «interface» HttpServletResponse 
    addCookie() 
    addDateHeader() 
    addHeader() 
    encodeRedirectURL() 
    encodeURL() 
    sendError() 
    sendRedirect() 
    setDateHeader() 
    setHeader() 
    setStatus() 
    // more methods 


Remember, to implement HttpServletResponse you have to 
implement everything from both it and its superinterface, 
ServletResponse. 
Wrappers rock 


The wrapper classes in the servlet API are awesome: they 
implement all the methods needed for the thing you're 
trying to wrap, delegating all calls to the underlying request 
or response object. All you need to do is extend one of the 
wrappers, and override just the methods you need to do your 
custom work. 

You've seen support classes in the J2SE API, of course, with 
things like the Listener adapter classes for GUIs. And you've 
seen them in the JSP API with the custom tag support classes. 
But while those support classes and these request and response 
wrappers are all convenience classes, the wrappers are a little 
different because they, well, wrap an object of the type they 
implement. In other words, they don't just provide an interface 
implementation, they actually hold a reference to an object of 
the same interface type to which they delegate method calls. 

By the way, this has nothing whatsoever to do with the J2SE 
"primitive wrapper" classes like Integer, Boolean, Double, etc. 

Creating a specialized version of a request or response is such a 
common approach when creating filters that Sun has created 
four "convenience" classes to make the job easier: 

► ServletRequestWrapper 

► HttpServletRequestWrapper 

► ServletResponseWrapper 

► HttpServletResponseWrapper 


Although not explicitly in the objectives, you MIGHT see 
"Decorator" on the exam. 

If you're familiar with regular old (non-J2EE) design patterns [...] 
everything the original wrapped thing [...] 
It's like saying, [...] characteristic of a [...] 
rather than being a complete replacement. 


WrappER (your custom response object) 

WrappEE (the original Container-created response object) 


Whenever you want to create a custom request 
or response object, just subclass one of the 
convenience request or response "wrapper" classes. 

A wrapper wraps the REAL request or response 
object, and delegates (passes through) calls 
to the real thing, while still letting you do the 
extra things you need for your custom request or 
response. 
a response filter 


Adding a simple Wrapper to the design 

Let's enhance Rachel's first pseudo-code by adding a wrapper. 


Compression filter design, version 2 (pseudocode) 

class CompressionResponseWrapper extends HttpServletResponseWrapper { 
    // override any methods you want to customize 
} 

class MyCompressionFilter implements Filter { 

    public void init(FilterConfig cfg) { } 

    public void doFilter(request, response, chain) { 
        // the act of "wrapping" the response with our custom wrapper class 
        CompressionResponseWrapper wrappedResp 
            = new CompressionResponseWrapper(response); 

        // now we send this along down the filter chain; none of the components 
        // down the chain will ever know that the response object they got was a custom job 
        chain.doFilter(request, wrappedResp); 
        // do compression logic here 
    } 

    public void destroy() { } 
} 


Since we didn't override any methods in the Wrapper, the output 
stream isn't affected yet. 
Add an output stream Wrapper 


Let's add a second Wrapper... 

Compression filter design, version 3 (pseudocode) 

class CompressionResponseWrapper extends HttpServletResponseWrapper { 

    public ServletOutputStream getOutputStream() throws... { 
        // "wrapping" the ServletOutputStream with our custom ServletOutputStream class; 
        // for now let's assume GzipSOS extends ServletOutputStream 
        servletGzipOS = new GzipSOS(resp.getOutputStream()); 
        // return a special ServletOutputStream to whoever asks for one 
        return servletGzipOS; 
    } 

    // maybe override other methods 
} 

class MyCompressionFilter implements Filter { 

    public void init(FilterConfig cfg) { } 

    public void doFilter(request, response, chain) { 
        CompressionResponseWrapper wrappedResp 
            = new CompressionResponseWrapper(response); 
        chain.doFilter(request, wrappedResp); 
        // do compression logic here 
    } 

    public void destroy() { } 
} 


1) The filter passes the request object and a custom response 
object to the servlet. The custom response has a special 
getOutputStream() method. 

2) When the servlet asks for an output stream, it doesn't KNOW 
that it will get a "special" output stream. 
response compression filter 


The real compression filter code 

Time to code. We end this chapter by looking at the code 
for both the compression filter and the wrapper it uses. 
We're expanding from the previous discussion, and while 
there is some new stuff here, it's mostly just plain Java code. 

This filter provides a mechanism to compress the response 
body content. This type of filter would commonly be 
applied to any text content such as HTML, but not to most 
media formats such as PNG or MPEG, because they are 
already compressed. 

Relax: You don't need to study this code for the exam. [...] 
Consider the rest of the chapter completely optional. 


package com.example.web; 

import javax.servlet.*; 
import javax.servlet.http.*; 
import java.io.*; 
import java.util.zip.GZIPOutputStream; 

public class CompressionFilter implements Filter { 

    private ServletContext ctx; 
    private FilterConfig cfg; 

    // The init method saves the config object and a quick reference 
    // to the servlet context object (for logging purposes). 
    public void init(FilterConfig cfg) 
            throws ServletException { 
        this.cfg = cfg; 
        ctx = cfg.getServletContext(); 
        ctx.log(cfg.getFilterName() + " initialized."); 
    } 

    // The heart of this filter wraps the response object with a Decorator 
    // that wraps the output stream with a compression I/O stream. 
    public void doFilter(ServletRequest req, 
                         ServletResponse resp, 
                         FilterChain fc) 
            throws IOException, ServletException { 
        HttpServletRequest request = (HttpServletRequest) req; 
        HttpServletResponse response = (HttpServletResponse) resp; 

        // Compression of the output stream is performed only if the client 
        // includes an Accept-Encoding header (specifically, for gzip). 
        String valid_encodings = request.getHeader("Accept-Encoding"); 

        // Does the client accept GZIP compression? 
        // (getHeader() returns null when the header is absent.) 
        if (valid_encodings != null && valid_encodings.indexOf("gzip") > -1) { 

            // If so, wrap the response object with a compression wrapper. 
            CompressionResponseWrapper wrappedResp 
                = new CompressionResponseWrapper(response); 

            // Tell the client that the body is gzip-encoded. 
            wrappedResp.setHeader("Content-Encoding", "gzip"); 

            // Chain to the next component. 
            fc.doFilter(request, wrappedResp); 

            // A GZIP compression stream must be "finished", which also flushes 
            // the GZIP stream buffer, and sends all of its data to the original 
            // response stream. 
            GZIPOutputStream gzos = wrappedResp.getGZIPOutputStream(); 
            if (gzos != null) { 
                gzos.finish(); 
            } 

            ctx.log(cfg.getFilterName() + ": finished the request."); 

        } else { 
            ctx.log(cfg.getFilterName() + ": no encoding performed."); 
            fc.doFilter(request, response); 
        } 
    } 

    public void destroy() { 
        // nulling out my instance variables 
        cfg = null; 
        ctx = null; 
    } 
} 


Debugging Tip! 

To test this filter, comment out the 
wrappedResp.setHeader("Content-Encoding", "gzip") 
line of code. You should see illegible, 
compressed data in your browser. 

"Off the path" 

Compression meets HTTP 

How does the server know it can send compressed data? How 
does the browser know when it's getting compressed data? It 
turns out that HTTP is "compression-aware"; here's how it 
works: 

► One of the headers that the browser sends ("Accept-Encoding: 
gzip") tells the server about the browser's capabilities for 
dealing with different types of content. 

► If the server sees that the browser can deal with compressed 
data, it will perform the compression, and add a header 
("Content-Encoding: gzip") to the response. 

► When the browser receives the response, the "Content-Encoding: 
gzip" header tells the browser to de-compress the 
data before it is displayed. 


The Container handles the 
rest of the work 
response compression wrapper 

Compression wrapper code 

We looked at the Compression filter; now let's take a look at the 
wrapper it uses. This is one of the most complicated topics in all of 
servlet-dom, so don't panic if you don't grok it the first time. 

This response wrapper decorates the original response object by 
adding a compression decorator on the original servlet output stream. 


package com.example.web; 

// Servlet imports 
import javax.servlet.http.*; 
import javax.servlet.*; 

// I/O imports 
import java.io.*; 
import java.util.zip.GZIPOutputStream; 

class CompressionResponseWrapper extends HttpServletResponseWrapper { 

    // The compressed output stream. 
    private GZIPServletOutputStream servletGzipOS = null; 

    // The PrintWriter object to the compressed output stream. 
    private PrintWriter pw = null; 

    // Whichever of the two (stream or writer) the servlet asked for first. 
    private Object streamUsed = null; 

    // The super constructor performs the Decorator responsibility of storing a 
    // reference to the object being decorated, in this case the HTTP response object. 
    CompressionResponseWrapper(HttpServletResponse resp) { 
        super(resp); 
    } 

    // Ignore this method: the output will be compressed. 
    public void setContentLength(int len) { } 

    // This decorator method, used by the filter, gives the Compression filter a 
    // handle on the GZIP output stream so that the filter can "finish" and flush 
    // the GZIP stream. Returns null if the servlet never asked for a stream or writer. 
    public GZIPOutputStream getGZIPOutputStream() { 
        return (servletGzipOS == null) ? null : servletGzipOS.internalGzipOS; 
    } 

    // Provide access to a decorated servlet output stream. 
    public ServletOutputStream getOutputStream() throws IOException { 
        // Allow the servlet to access a servlet output stream, only if 
        // the servlet has not already accessed the print writer. 
        if ((streamUsed != null) && (streamUsed != servletGzipOS)) { 
            throw new IllegalStateException(); 
        } 
        // Wrap the original servlet output stream with our compression 
        // servlet output stream. 
        if (servletGzipOS == null) { 
            servletGzipOS 
                = new GZIPServletOutputStream(getResponse().getOutputStream()); 
            streamUsed = servletGzipOS; 
        } 
        return servletGzipOS; 
    } 

    // Provide access to a decorated print writer. 
    public PrintWriter getWriter() throws IOException { 
        // Allow the servlet to access a print writer, only if the servlet 
        // has not already accessed the servlet output stream. 
        if ((streamUsed != null) && (streamUsed != pw)) { 
            throw new IllegalStateException(); 
        } 
        // To make a print writer, we have to first wrap the servlet output 
        // stream and then wrap the compression servlet output stream in two 
        // additional output stream decorators: OutputStreamWriter, which converts 
        // characters into bytes, and then a PrintWriter on top of the 
        // OutputStreamWriter object. 
        if (pw == null) { 
            servletGzipOS 
                = new GZIPServletOutputStream(getResponse().getOutputStream()); 
            OutputStreamWriter osw 
                = new OutputStreamWriter(servletGzipOS, 
                                         getResponse().getCharacterEncoding()); 
            pw = new PrintWriter(osw); 
            streamUsed = pw; 
        } 
        return pw; 
    } 
} 
Compression wrapper helper class code 

This helper class is a Decorator on the ServletOutputStream abstract 
class which delegates the real work of compressing the generated 
content using a standard GZIP output stream. 

There is only one abstract method in the ServletOutputStream that 
this Decorator must implement: write(int). This is where all of the 
delegation magic occurs! 


package com.example.web; 

import javax.servlet.ServletOutputStream; 
import java.io.IOException; 
import java.util.zip.GZIPOutputStream; 

class GZIPServletOutputStream extends ServletOutputStream { 

    // This instance variable is package-private to allow the 
    // compression response wrapper access to this variable. 
    GZIPOutputStream internalGzipOS; 

    /** Decorator constructor */ 
    GZIPServletOutputStream(ServletOutputStream sos) throws IOException { 
        this.internalGzipOS = new GZIPOutputStream(sos); 
    } 

    // This method implements the compression decoration by delegating 
    // the write() call to the GZIP compression stream, which is wrapping 
    // the original ServletOutputStream (which in turn is ultimately 
    // wrapping the TCP network output stream to the client). 
    public void write(int param) throws java.io.IOException { 
        internalGzipOS.write(param); 
    } 
} 
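
Why the filter has to call finish() on the GZIP stream after the chain returns, shown as an added example with plain java.io stand-ins rather than the servlet API (this is not the book's code). Response, RealResponse, GzipResponseWrapper and the sample page are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

// Added example: Response, RealResponse and GzipResponseWrapper are hypothetical
// stand-ins for the response, the Container's response and the wrapper.
public class GzipDecoratorDemo {

    interface Response {
        OutputStream getOutputStream() throws IOException;
    }

    /** Stands in for the Container's response; the byte array plays the client socket. */
    static final class RealResponse implements Response {
        final ByteArrayOutputStream toClient = new ByteArrayOutputStream();
        public OutputStream getOutputStream() { return toClient; }
    }

    /** The wrapper: hands out a GZIP stream layered on the real output stream. */
    static final class GzipResponseWrapper implements Response {
        private final Response wrapped;
        GZIPOutputStream gzip;   // package-private so the "filter" can finish() it

        GzipResponseWrapper(Response wrapped) { this.wrapped = wrapped; }

        public OutputStream getOutputStream() throws IOException {
            if (gzip == null) {
                gzip = new GZIPOutputStream(wrapped.getOutputStream());
            }
            return gzip;
        }
    }

    /** The "servlet": writes its page to whatever stream the response gives it. */
    static void service(Response resp) throws IOException {
        resp.getOutputStream().write(
                "<html><body>Hops list</body></html>".getBytes(StandardCharsets.UTF_8));
    }

    /** What the browser does when it sees Content-Encoding: gzip. */
    static String gunzip(byte[] data) throws IOException {
        try (GZIPInputStream in = new GZIPInputStream(new ByteArrayInputStream(data))) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[256];
            for (int n; (n = in.read(buf)) != -1; ) {
                out.write(buf, 0, n);
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        RealResponse real = new RealResponse();
        GzipResponseWrapper wrappedResp = new GzipResponseWrapper(real);

        service(wrappedResp);                      // the chain.doFilter() step

        byte[] beforeFinish = real.toClient.toByteArray();
        try {
            gunzip(beforeFinish);
            System.out.println("before finish(): unexpectedly complete");
        } catch (IOException e) {
            // Only part of the GZIP stream has reached the "client" so far.
            System.out.println("before finish(): " + beforeFinish.length
                    + " bytes, not decodable: " + e);
        }

        if (wrappedResp.gzip != null) {            // the servlet may have written nothing
            wrappedResp.gzip.finish();             // flush the deflater, write the GZIP trailer
        }
        byte[] afterFinish = real.toClient.toByteArray();
        System.out.println("after finish(): " + afterFinish.length + " bytes -> "
                + gunzip(afterFinish));
    }
}
```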
ANSWERS 

Sharpen your pencil 

Write down the sequence in which the filters 
will be executed for each request path. 
Assume Filter1 - Filter5 have been properly 
declared. 

<filter-mapping> 
  <filter-name>Filter1</filter-name> 
  <url-pattern>/Recipes/*</url-pattern> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter2</filter-name> 
  <servlet-name>/Recipes/HopsList.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter3</filter-name> 
  <url-pattern>/Recipes/Add/*</url-pattern> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter4</filter-name> 
  <servlet-name>/Recipes/Modify/ModRecipes.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 
  <filter-name>Filter5</filter-name> 
  <url-pattern>/*</url-pattern> 
</filter-mapping> 


Request path 

Filter Sequence 

/Recipes/HopsReport.do 

Filters: 1, 5 

/Recipes/HopsList.do 

Filters: 1, 5, 2 

/Recipes/Modify/ModRecipes.do 

Filters: 1, 5, 4 

/HopsList.do 

Filters: 5 

/Recipes/Add/AddRecipes.do 

Filters: 1, 3, 5 
Mock Exam 13 


Which are true about filters? (Choose all that apply.) 

□ A. A filter can act on only the request or response object, 
not both. 

□ B. The destroy method is always a container callback 
method. 

□ C. The doFilter method is always a container 
callback method. 

□ D. The only way a filter can be invoked is through a 
declaration in the DD. 

□ E. The next filter in a filter chain can be specified either 
by the previous filter or in the DD. 


Which are true about declaring filters in the DD? 
(Choose all that apply.) 

□ A. Unlike servlets, filters CANNOT declare initialization parameters. 

□ B. Filter chain order is always determined by the order the elements 
appear in the DD. 

□ C. A class that extends an API request or response wrapper class 
must be declared in the DD. 

□ D. A class that extends an API request or response wrapper class is 
using the Intercepting Filter pattern. 

□ E. Filter chain order is affected by whether filter mappings are 
declared via <url-pattern> or via <servlet-name>. 



Given the class UserRequest is an implementation of HttpServletRequest, and given that this method 
is in an otherwise properly defined Filter implementation: 


20. public void doFilter(ServletRequest req, 
21.                      ServletResponse response, 
22.                      FilterChain chain) 
22.     throws IOException, ServletException { 
23.   HttpServletRequest request = (HttpServletRequest) req; 
23.   HttpSession session = request.getSession(); 
25.   Object user = session.getAttribute("user"); 
26.   if (user != null) { 
27.     UserRequest ureq = new UserRequest(request, user); 
28.     chain.doFilter(ureq, response); 
29.   } else { 
30.     RequestDispatcher rd = request.getRequestDispatcher("/login.jsp"); 
31.     rd.forward(request, response); 
32.   } 
33. } 

Which is true? 

□ A. An exception will always be thrown if line 31 executes. 

□ B. Line 28 is invalid because request must be passed 
as the first argument. 

□ C. This line: chain.doFilter(request, response) 
must be inserted somewhere in the else block. 

□ D. This method does not properly implement 
Filter.doFilter() because the method 
signature is incorrect. 

□ E. None of the above. 
Given a partial deployment descriptor: 

<filter> 
  <filter-name>My Filter</filter-name> 
  <filter-class>com.example.MyFilter</filter-class> 
</filter> 
<filter-mapping> 
  <filter-name>My Filter</filter-name> 
  <url-pattern>/my</url-pattern> 
</filter-mapping> 
<servlet> 
  <servlet-name>My Servlet</servlet-name> 
  <servlet-class>com.example.MyServlet</servlet-class> 
</servlet> 
<servlet-mapping> 
  <servlet-name>My Servlet</servlet-name> 
  <url-pattern>/my</url-pattern> 
</servlet-mapping> 

Which is true? (Choose all that apply.) 

□ A. The file is invalid because the URL pattern /my 
is mapped to both a servlet and a filter. 

□ B. The file is invalid because neither the servlet name 
nor the filter name is allowed to contain spaces. 

□ C. The filter MyFilter will be invoked after the 
MyServlet servlet for each request that matches 
the pattern /my 

□ D. The filter MyFilter will be invoked before the 
MyServlet servlet for each request that matches 
the pattern /my 

□ E. The file is invalid because the <filter> element must 
contain a <servlet-name> element that defines 
which servlet the filter should be applied to. 
Which about filters are true? (Choose all that apply.) 

□ A. Filters may be used to create request or response wrappers. 

□ B. Wrappers may be used to create request or response filters. 

□ C. Unlike servlets, all filter initialization code should be placed in 
the constructor since there is no init() method. 

□ D. Filters support an initialization mechanism that includes an 
init() method that is guaranteed to be called before the 
filter is used to handle requests. 

□ E. A filter's doFilter() method must call doFilter() on 
the input FilterChain object in order to ensure that all 
filters have a chance to execute. 

□ F. When calling doFilter() on the input FilterChain, 
a filter's doFilter() method must pass in the same 
ServletRequest and ServletResponse objects that 
were passed into it. 

□ G. A filter's doFilter() may block further request processing. 


Which are true about the servlet Wrapper classes? (Choose all that apply.) 

□ A. They provide the only mechanism for wrapping 
ServletResponse objects. 

□ B. They can be used to decorate classes that implement 
Filter. 

□ C. They can be used even when the application does 
NOT support HTTP. 

□ D. The API provides wrappers for ServletRequest, 
ServletResponse, and FilterChain objects. 

□ E. They implement the Intercepting Filter pattern. 

□ F. When you subclass a wrapper class, you must override 
at least one of the wrapper class's methods. 
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1 


Which are true about filters? (Choose all that apply.)

□ A. A filter can act on only the request or response object,
     not both.

B. The destroy method is always a container callback
     method.

□ C. The doFilter method is always a container
     callback method.

☑ D. The only way a filter can be invoked is through a
     declaration in the DD.

□ E. The next filter in a filter chain can be specified either
     by the previous filter or in the DD.

-Option C is incorrect, doFilter is both
 a callback and an inline method.




2 


Which are true about declaring filters in the DD?
(Choose all that apply.)

□ A. Unlike servlets, filters CANNOT declare initialization parameters.

□ B. Filter chain order is always determined by the order the elements
     appear in the DD.

□ C. A class that extends an API request or response wrapper class
     must be declared in the DD.

□ D. A class that extends an API request or response wrapper class is
     using the Intercepting Filter pattern.

☑ E. Filter chain order is affected by whether filter mappings are
     declared via <url-pattern> or via <servlet-name>.

-Option B is incorrect, because <url-pattern> mappings will be
 chained before <servlet-name> mappings.

-Option D is incorrect, wrappers are examples of
 the Decorator pattern.

Given the class UserRequest is an implementation of HttpServletRequest, and given that this method
in an otherwise properly defined Filter implementation:

20. public void doFilter(ServletRequest req,
21.                      ServletResponse response,
22.                      FilterChain chain)
23.         throws IOException, ServletException {
24.   HttpServletRequest request = (HttpServletRequest) req;
25.   HttpSession session = request.getSession();
26.   Object user = session.getAttribute("user");
27.   if (user != null) {
28.     UserRequest ureq = new UserRequest(request, user);
29.     chain.doFilter(ureq, response);
30.   } else {
31.     RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
32.     rd.forward(request, response);
33.   }

Which is true?

□ A. An exception will always be thrown if line 31 executes.

□ B. Line is invalid because request must be passed
     as the first argument.

-Option B is incorrect because it is
 valid for a filter to wrap a request
 (note that UserRequest must
 implement ServletRequest).

□ C. This line: chain.doFilter(request, response)
     must be inserted somewhere in the else block.

-Option C is incorrect because the
 doFilter method is NOT required to
 call chain.doFilter().

□ D. This method does not properly implement
     Filter.doFilter() because the method
     signature is incorrect.

-Option D is incorrect because
 the method signature is correct.

☑ E. None of the above.
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4 


Given a partial deployment descriptor:

    <filter>
      <filter-name>My Filter</filter-name>
      <filter-class>com.example.MyFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>My Filter</filter-name>
      <url-pattern>/my</url-pattern>
    </filter-mapping>
    <servlet>
      <servlet-name>My Servlet</servlet-name>
      <servlet-class>com.example.MyServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>My Servlet</servlet-name>
      <url-pattern>/my</url-pattern>
    </servlet-mapping>

Which is true? (Choose all that apply.)

□ A. The file is invalid because the URL pattern /my
     is mapped to both a servlet and a filter.

-Option A is incorrect because this is
 proper syntax used to map a filter to
 the same pattern as a servlet.

□ B. The file is invalid because neither the servlet name
     nor the filter name is allowed to contain spaces.

-Option B is incorrect because
 there is no such restriction.

□ C. The filter MyFilter will be invoked after the
     MyServlet servlet for each request that matches
     the pattern /my

-Option C is incorrect because
 filters are executed before
 servlets, not after.

☑ D. The filter MyFilter will be invoked before the
     MyServlet servlet for each request that matches
     the pattern /my

□ E. The file is invalid because the <filter> element must
     contain a <servlet-name> element that defines
     which servlet the filter should be applied to.

-Option E is incorrect because
 either a <servlet-name> element
 or a <url-pattern> may be used
 within a <filter-mapping> element.
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Which about filters are true? (Choose all that apply.) 

A. Filters may be used to create request or response wrappers.

□ B. Wrappers may be used to create request or response filters.

-Option B is incorrect because
 the terminology is reversed.

□ C. Unlike servlets, all filter initialization code should be placed in
     the constructor since there is no init() method.

-Option C is incorrect because
 there is an init() method
 that should be used for filter
 initialization.

☑ D. Filters support an initialization mechanism that includes an
     init() method that is guaranteed to be called before the
     filter is used to handle requests.

□ E. A filter's doFilter() method must call doFilter() on
     the input FilterChain object in order to ensure that all
     filters have a chance to execute.

-Option E is incorrect because
 calling doFilter() is not necessary
 if a filter wishes to block
 further request processing.

□ F. When calling doFilter() on the input FilterChain,
     a filter's doFilter() method must pass in the same
     ServletRequest and ServletResponse objects that
     were passed into it.

-Option F is incorrect because the
 filter may choose to wrap them
 instead.

☑ G. A filter's doFilter() may block further request processing.


6 


Which are true about the servlet Wrapper classes? (Choose all that apply.)

(API)

□ A. They provide the only mechanism for wrapping
     ServletResponse objects.

-Option A is incorrect because you can
 create your own wrapper class.

□ B. They can be used to decorate classes that implement
     Filter.

-Option B is incorrect because these classes
 are used to wrap requests and responses.

C. They can be used even when the application does
     NOT support HTTP.

□ D. The API provides wrappers for ServletRequest,
     ServletResponse, and FilterChain objects.

-Option D is incorrect because the API
 does NOT provide a FilterChain wrapper.

□ E. They implement the Intercepting Filter pattern.

-Option E is incorrect because these wrappers
 implement the Decorator pattern.

□ F. When you subclass a wrapper class, you must override
     at least one of the wrapper class's methods.
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Enterprise Design Patterns 



"Brittany said that she saw JNDI lookup code actually
IN his servlet. Can you believe that? Right there
in a doPost method..."

"I heard that he did not use J2EE patterns,
and the punishment for that will be severe."


Someone has done this already. If you're just starting to develop
web applications in Java, you're lucky. You get to exploit the collective wisdom
of the tens of thousands of developers who've been down that road and got the
t-shirt. Using both J2EE-specific and other design patterns, you can simplify
your code and your life. And the most significant design pattern for web apps,
MVC, even has a wildly popular framework, Struts, that'll help you craft a flexible,
maintainable servlet Front Controller. You owe it to yourself to take advantage
of everyone else's work so that you can spend more time on the more important
things in life (skiing, golf, salsa dancing, soccer, poker, playing the accordion...).


Objectives

J2EE Patterns

11.1 Given a scenario description with a list of issues,
select the one of the following patterns that would
solve those issues: Intercepting Filter, Model-
View-Controller, Front Controller, Service Locator,
Business Delegate, and Transfer Object.

11.2 Match design patterns with statements
describing potential benefits that accrue from
the use of the pattern, for any of the following
patterns: Intercepting Filter, Model-View-
Controller, Front Controller, Service Locator,
Business Delegate, and Transfer Object.

Coverage Notes:

The objectives in this section are covered
completely in this chapter. No, make that MORE
than completely. The exam questions on patterns
are the least tricky of all the possible questions
you'll see on the exam, so you can almost relax in
this section.

If you're already familiar with the fundamental
enterprise design patterns, you can probably
answer the exam questions on patterns.

And although Struts is not on the exam, this
chapter also includes an introduction to Struts,
currently the most commonly-used framework for
an MVC web application.


Web site hardware can get complicated

In the Real World, web apps can get complicated. A popular web site
can get hundreds of thousands of hits per day. To handle this kind of
volume, most big web sites create complex hardware architectures in
which the software and data is distributed across many machines.

A common architecture you're probably quite familiar with is
configuring the hardware in layers or "tiers" of functionality. Adding
more computers to a tier is known as horizontal scaling, and is
considered one of the best ways to increase throughput.

Most of the software for a big web application
lives in either the "Web Tier" or the "Business Tier".

[Figure: Clients, The Internet, Load Balancer, Firewall, Web Servers,
Load Balancer, EJB Servers, Legacy Database]

The "Web Tier" or "Presentation Tier".
This is where the servlets and JSPs live.
As a web site gets more hits, more servers
can be added to handle the load.


Web application software can get complicated

As we've seen, it's very common for a web application to be made up of
many different kinds of software components. The web tier frequently
contains HTML pages, JSPs, servlets, controllers, model components,
images, and so on. The business tier can contain EJBs, legacy applications,
lookup registries, and in most cases database drivers, and databases.

[Figure: drivers, views, JSPs, models, filters, images, servlets, JNDI,
controllers, databases, EJBs]


Lucky for us, we have J2EE patterns

The good news is that a lot of people have been using J2EE
containers to solve the very same problems you're likely to
encounter. They found reoccurring themes in the nature of the
problems they were dealing with, and they came up with reusable
solutions to these problems. These design patterns have been
used, tested, and refined by other developers, so you don't have to
reinvent the wheel.

Common pressures

The most important job for a web app is to provide the end user
with a reliable, useful, and correct experience. In other words, the
program must satisfy the functional requirements such as "select a
beer style" or "add malt to my shopping cart". Once you've made
sure that the system supports the use cases, you'll most likely be
faced with another set of requirements: requirements for what
happens behind the scenes, i.e. the non-functional requirements.


What are the "ilities"?

What are some of the important non-functional
requirements of a system you've worked on (or
could imagine working on)? One clue is that most
of the requirements words end with "ility" (for
example, "maintainability").


A software design pattern
is "a repeatable solution
for a commonly-occurring
software problem."
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Performance (and the "ilities") 

Here are three of the most important non-functional
requirements you're likely to face:


(1) Performance

If your website is too slow, you'll obviously lose users.
In this chapter, we'll look at how patterns can help an
individual user experience faster response time, and how
patterns can help your system support a greater number
of simultaneous users (throughput). (More on this when
we discuss the Transfer Object.)

(2) Modularity

In order for different pieces of your application to run
on different boxes at the same time, your software is
going to have to be modular... and modular in just the
right ways.

(3) Flexibility, Maintainability, and Extensibility

Flexibility: You need to change your system without
going through some big development cycle. You
might need to swap in the "limited time, special
offer" components for a big sale. You might find a bug
in a new component and need to swap in the older
component temporarily. You need your system to be
flexible.

Maintainability: You might need to change database
vendors, and update your system quickly. You might
get obscure bugs and need to track them down ASAP.
The admins might decide to restructure the company's
naming service, and you'll have to adjust right now!
You need your system to be maintainable.

Extensibility: The guys over in marketing might need
a new feature to land that big client. Your users might
demand that you support a brand new feature that their
browsers have. Your system had better be extensible!


"If J2EE patterns can help
me solve all of these issues, I'll be
the hero around here. And that could lead
to more stock options. And when we get
another dot com bubble... those options
could actually be worth something."
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Aligning our vernaculars... 

All of the J2EE patterns rely heavily on common software
design principles you're probably very familiar with. In
the next few pages, we fling around several terms for these
design principles. Different people and books might have
different perspectives on the same terms, so we're giving you
our definitions now, so that you'll know what we mean.

Code to interfaces

As you recall, an interface is a kind of a contract between two
objects. When a class implements an interface, it's saying in
effect: "My objects can speak your language." Another huge
benefit of interfaces is polymorphism. Many classes can
implement the same interface. The calling object doesn't
care who it's talking to as long as the contract is upheld. For
example, the web container can use any component that
implements the Servlet interface.


Separation of Concerns & Cohesion

We all know that when we specialize the capabilities of our
software components, they get easier to create, maintain,
and reuse. A natural fallout of separating concerns is that
cohesion tends to increase. Cohesion means the degree to
which a class is designed for one, tightly focused task or purpose.


Hide Complexity

Hiding complexity often goes hand in hand with separating
concerns. For instance, if your system needs to communicate
with a lookup service, it's best to hide the complexity of that
operation in a single component, and allow all the other
components that need access to the lookup service to use
that specialized component. This approach simplifies all of
the system components that are involved.
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More design principles... 

Loose Coupling 

By their very nature, OO systems involve objects talking to each other.
By coding to interfaces, you can reduce the number of things that one
class needs to know about another class to communicate with it. The
less two classes know about each other, the more loosely coupled
they are to each other. A very common approach when class A wants
to use methods in class B is to create an interface between the two.

Once class B implements this interface, class A can use class B via the
interface. This is useful, because later on you can use an updated class
B or even an entirely different class, as long as it upholds the contract
of the interface.


Remote Proxy

Today, when a web site grows, the answer is to lash together more
servers, as opposed to upgrading a single, huge, monolithic server.
The outcome is that Java objects on different machines, in their own
separate heaps, have to communicate with each other.

Leveraging the power of interfaces, a remote proxy is an object local
to the "client" object that pretends to be a remote object. (The proxy
is remote in that it is remote from the object it is emulating.) The
client object communicates with the proxy, and the proxy handles
all the networking complexities of communicating with the actual
"service" object. As far as the client object is concerned, it's talking to
a local object.


Increase Declarative Control

Declarative control over applications is a powerful feature of
J2EE Containers. Most commonly, this declarative control is
implemented using the application's deployment descriptor or
DD. Modifying the DD gives us the power to change system
behaviors without changing code. The DD is an XML file that can
be maintained and updated by non-programmers. The more that
we write our web applications to leverage the power of the DD, the
more abstract and generic our code becomes.
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Patterns to support remote model components 

We've talked at a very theoretical level about how J2EE patterns can help simplify
complex web applications. We've also talked about the software design principles
that underlie J2EE patterns. With that foundation in place, let's get our feet wet
by talking about a few of the simpler J2EE patterns. All three of the patterns we're
about to discuss share the goal of making remote model components manageable.


A Fable -- The Beer App Grows


Once upon a time there was a small dot com that had a website that offered
home brewing recipes, advice, ingredients and supplies for beer aficionados.
Being a small company with big plans, they had only one production server to
support the site, but they had created two separate software development teams
to grow the application. The first team, known as the "Web Designers", focused
their attentions on the view components of the system. The second team,
known as the "Business Team", focused on the controller components (Rachel's
focus), and the model components (Kim's area).
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How the Business Team supports the 
web designers when the MVC components are 
running on one JVM 

As long as the business guys keep the interfaces to their model components
consistent, everyone will be happy. The two key interface points in their
design are when the controller first interacts with a model component (steps 1
and 2 below), and then later, when a JSP view interacts with the bean it needs
(steps 3 and 4 below).


Getting customer data for a client...


The client's "getCustData" request
being sent to the model. Rachel's need
is for this interface to be stable.

The JSP uses EL to
access the Customer
Bean properties. The web
designer's need is for this
interface to be stable.


1 Having received a request
for customer information,
the Controller calls the
ManageCustomer service
component (a Model). The service
component does a JDBC call to
the legacy database, then creates
a Customer bean (this is NOT an
EJB, just a plain old JavaBean),
populated with customer data from
the database.

2 The Controller adds the
Customer bean reference to the
request object, as an attribute.

3 The Controller forwards to
the View JSP. The JSP gets the
reference to the Customer bean
from the request object.

4 The View JSP uses EL to get
the Customer Bean properties
it needs to satisfy the original
request.


How will they handle remote objects?

Things are fairly simple when all the web app components
(model, view, controller) are on the same server, running in
the same JVM. It's just plain old Java: get a reference, call a
method. But Kim and Rachel now have to figure out what to
do when their model components are remote to the web app.


JNDI and RMI, a quick overview

Java and J2EE provide mechanisms that handle two of the
most common difficulties that arise when objects need to
communicate across a network: locating remote objects,
and handling all the low level network/IO communications
between local and remote objects. (In other words, how to
find remote objects, and how to invoke their methods.)


JNDI in a nutshell

JNDI stands for Java Naming and Directory Interface,
and it's an API to access naming and directory services.
JNDI gives a network a centralized location to find
things. If you've got objects that you want other
programs on your network to find and access, you
register your objects with JNDI. When some other
program wants to use your objects, that program uses
JNDI to look them up.

JNDI makes relocating components on your network
easier. Once you've relocated a component, all you need
to do is tell JNDI the new location. That way, other
client components only need to know how to find JNDI,
without knowing where the objects registered with JNDI
are actually located.


RMI in a nutshell

RMI stands for Remote Method Invocation, a
mechanism that greatly simplifies the process of getting
objects to communicate across a network. Turn the page
and we'll do a quick refresh, in case you're a little rusty.
Why think about RMI here? Because it will help make
two of the J2EE design patterns easier to understand and
appreciate.

RMI makes life easy


You want your objects to communicate across a network. In other words, you want an object in
one JVM to cause a method invocation on a remote object (i.e. an object in a different JVM), but
you want to pretend that you're invoking a method on a local object. That's what RMI gives you:
the ability to pretend (almost) that you're making a regular old local method call.


What we want...


"I just want to call a method
on this object, you know, a
simple "getCustData()" would be
nice. I do NOT want to do a bunch
of networking and IO."


How RMI pulls it off


[Figure: Client Object, Server Object]

"I'm happy to do
a little extra work up front
so that remote clients can call
my methods without having
to know where I reside."


Let's say your "business guy" hat is on, and you want to make an object available to remote
clients. Using RMI, you'll create a proxy and you'll register your object with some sort of
registry. Any client who wants to call your methods will do a lookup on the registry and get a
copy of the remote proxy. Then the client will make calls on the remote proxy, pretending it's
the real thing. The remote proxy (called a stub) handles all the communications details like
sockets, I/O streams, TCP/IP, serializing and deserializing method arguments and return
values, handling exceptions, and so forth.


Oh, by the way, there's usually a proxy on the server side (often called a skeleton), doing
similar chores on the server side where the remote object lives.


An RMI miracle occurs...


There are 3 versions
of getCustData():
the remote proxy's,
the skeleton's and
the server's, which
is the real one.

Just a little more RMI review

Without doing an entire RMI tutorial,* we'll look at a few more high level
RMI topics to make sure we're all talking the same talk. Specifically, we'll
look at the server side and client side of using RMI.

RMI on the Server side in 4 steps

(An overview of the steps to make a remote model
service that runs on the server)

(1) Create a remote interface. This is where the signature for methods
like getCustData() will reside. Both the stub (proxy) and the actual
model service (the remote object) will implement this interface.

(2) Create the remote implementation, in other words, the
actual model object that will reside on the model server. This
includes code that registers the model with a well-known registry
service such as JNDI or the RMI registry.

(3) Generate the stub and possibly skeleton. RMI provides a compiler
called rmic that will create the proxies for you.

(4) Start/run the model service (which will register itself with the
registry and wait for calls from far-away clients).

The client side, with and without RMI

Let's compare the pseudo-code of a client using RMI to the
pseudo-code of a client NOT using RMI.

The client without RMI

public void goClient() {
  try {
    // get a new Socket
    // get an OutputStream
    // chain it to an ObjectOutputStream
    // send an opcode & op arguments
    // flush OS
    // get the InputStream
    // chain it to an ObjectInputStream
    // read the return value and/or
    // handle exceptions
    // close stuff
  } // catch and handle remote exceptions
}


The client with RMI

public void goClient() {
  try {
    // lookup the remote object (stub)
    // call the remote object's method
  } // catch and handle remote exceptions
}

*If you aren't really familiar with RMI, drive to your local bookstore,
pick up (but don't buy) a copy of Head First Java, and just read
the sections on RMI. Then put the book back on the shelf, face
forward, in front of the competing book of your choice. Make
sure that the cover is dusted and don't spill coffee on it.

Adding RMI and JNDI to the controller

Let's focus on what we need to do to keep Rachel's life as simple
as possible. In other words, what impact does adding JNDI and
RMI have on the controller?


3 steps to using a remote object


(1) Kim, the model guy, registers his model
component with the JNDI service.

(2) When Rachel's controller gets a request, the
controller code does a JNDI lookup to get the
stub proxy for Kim's remote model service.
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Sure, the method calls are pretty 
to what I was doing before when the
model was local, but I still have to change
the Controller code to put in the whole JNDI
lookup. I was hoping for something that would
let me use the same Controller regardless of
whether the model is local or remote.


Sharpen your pencil


How can this design
be improved?

1 - What are the problems with this design (list at least two)?

2 - How might you change this design to handle those problems?


Problems:


Solution:
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How about a "go-between" object? 

A common solution to the design problems we left you with is
to create a new object, a single "go-between" object for the
controller to talk to, rather than having the controller deal directly
with the remoteness of the remote model.

Problem 1: Hide the complex JNDI lookup

If Rachel's controller lets a "go-between" object handle the JNDI
lookup, the controller code can stay simpler, free from having to
know where (and how) to look up the model.

Problem 2: Hide "remote-ness complexity"

If the "go-between" object can handle talking to the stub,
Rachel's controller can be shielded from all the remote issues
including remote exceptions.
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The "go-between" is a Business delegate 

Let's take a look at the pseudo-code for a typical Business Delegate, and
at how Business Delegates tend to be deployed in the web container.

Notice that there will be LOTS of Business Delegates on the web tier.

A Business Delegate's pseudo-code

// get the request and do a JNDI lookup
// get back a stub
// call the business method
// handle & abstract any remote exceptions
// send the return value to the controller


Sharpen your pencil

Uh-oh. Duplicate Code Alert.

(Describe where the duplicate
code exists and how you
could solve that problem.)


Legions of Business Delegates on the
web server (one per remote model).


Simplify your Business Delegates
with the Service Locator


Unless your Business Delegates use a Service Locator, they
will have duplicate code for dealing with the lookup service.


To implement a Service Locator, we'll take all of the logic
for doing the JNDI lookup and move it out of the multiple
Business Delegates and into a single Service Locator.

Typically in J2EE applications, there will be a number of
components that all use the same JNDI service. While a
complex application might use several different registries
such as JNDI and UDDI (for web service endpoints), an
individual component will typically need access to only one
registry. In general, a single Service Locator will support a
single, specific registry.


A Service Locator's
pseudo-code

// obtain an InitialContext object
// perform remote lookup
// handle remote issues
// optionally, cache references


By making the Business Delegate an object that handles
only the business methods rather than also handling the
registry lookup code, you increase the cohesion for the
Business Delegates.


[Figure: Web Server containing Business Delegates, a Service Locator,
and the Service Locator cache]

Cohesion is increased
for all of these
Business Delegates.

Obtaining the stub is
handled by the
Service Locator. All
the Delegate has
to do is deal with
business methods on
the stub.

Moving the registry affects only
the single Service Locator object.

Optional cache can
reduce network calls.
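
The server-side RMI steps, the Business Delegate and the Service Locator described above, put together as one runnable program. This is an added example, not code from the book: the class names (PatternsDemo, ManageCustomerImpl, CustomerDelegate, CustomerServiceException), the port, and the use of an in-process RMI registry in place of a JNDI service are assumptions made so that it runs on a plain JDK.

```java
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PatternsDemo {

    // RMI step 1: the remote interface. Both the stub and the real model
    // service implement it, so callers code to the interface only.
    public interface ManageCustomer extends Remote {
        String getCustData(String customerId) throws RemoteException;
    }

    // RMI step 2: the remote implementation that lives on the business tier.
    static class ManageCustomerImpl implements ManageCustomer {
        @Override
        public String getCustData(String customerId) {
            return "Customer[id=" + customerId + "]"; // constructed sample data
        }
    }

    // The only failure type the controller ever sees (hypothetical name).
    public static class CustomerServiceException extends Exception {
        CustomerServiceException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    // Service Locator: the single place that knows where the registry is and
    // how to look things up. Lookup names are fixed constants here and never
    // come from request parameters.
    static final class ServiceLocator {
        static final String CUSTOMER_SERVICE = "ManageCustomer";

        private final String host;
        private final int port;
        private final Map<String, Remote> cache = new ConcurrentHashMap<>();

        ServiceLocator(String host, int port) {
            this.host = host;
            this.port = port;
        }

        Remote lookup(String name) throws RemoteException, NotBoundException {
            Remote stub = cache.get(name);
            if (stub == null) { // optional cache: saves a registry round trip
                Registry registry = LocateRegistry.getRegistry(host, port);
                stub = registry.lookup(name);
                cache.put(name, stub);
            }
            return stub;
        }

        void evict(String name) {
            cache.remove(name);
        }
    }

    // Business Delegate: business methods only. It hides the stub and turns
    // remote failures into an application exception for the controller.
    static final class CustomerDelegate {
        private final ServiceLocator locator;

        CustomerDelegate(ServiceLocator locator) {
            this.locator = locator;
        }

        String getCustData(String customerId) throws CustomerServiceException {
            try {
                ManageCustomer stub = (ManageCustomer)
                        locator.lookup(ServiceLocator.CUSTOMER_SERVICE);
                return stub.getCustData(customerId);
            } catch (RemoteException | NotBoundException e) {
                // Drop a possibly stale stub so the next call looks it up again.
                locator.evict(ServiceLocator.CUSTOMER_SERVICE);
                throw new CustomerServiceException("customer service unavailable", e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        int port = 10990; // assumed free port for this demo
        // RMI steps 3 and 4: exportObject() builds the stub as a dynamic
        // proxy on current JDKs (no rmic run), then the service registers.
        Registry registry = LocateRegistry.createRegistry(port);
        ManageCustomerImpl impl = new ManageCustomerImpl();
        ManageCustomer stub = (ManageCustomer) UnicastRemoteObject.exportObject(impl, 0);
        registry.rebind(ServiceLocator.CUSTOMER_SERVICE, stub);

        // Controller side: no registry, stub or RemoteException in sight.
        CustomerDelegate delegate =
                new CustomerDelegate(new ServiceLocator("localhost", port));
        System.out.println(delegate.getCustData("42"));

        // Unexport so the JVM can exit.
        registry.unbind(ServiceLocator.CUSTOMER_SERVICE);
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Moving the registry changes only the arguments passed to the ServiceLocator constructor; CustomerDelegate and the code that calls it stay as they are.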
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This whole discussion has assumed RMI; what if 
our company is using CORBA? 


A: All of the patterns we're discussing can be
implemented more or less independently of J2EE
technologies. Admittedly, they will be easiest to
implement in J2EE, but they do apply to other situations.


Is the same thing true for JNDI?

A: Well, there are other Java-related registries
besides JNDI—RMI and Jini come to mind. Of those
three, JNDI is probably the best choice for most web
apps; it's easy and powerful. (Although the authors
would personally love to see Jini take its rightful place in
the distributed world.) You might also be dealing with
non-Java registries like UDDI. In any case, the patterns
will still work, even though the code changes, of course.


It seems like these patterns are forever adding
a new layer of objects to the architecture. Why is this
approach so common?

A: You're right that this is a common part of a lot
of patterns. Assuming that your design is good, think
about the software design benefits inherent in this
approach...


OK, well, cohesion comes to mind...

A: Right! Both the Business Delegate and the
Service Locator increase the cohesiveness of the
objects they support. Another driving force is network
transparency. Adding a layer often shields existing
objects from being network aware. Then of course,
closely related to cohesion is separation of concerns.


Separation of concerns buys me...?

A: Let's take the Service Locator as an example. In
the event that your registry gets a new network address
and/or registry interface, it's far easier to modify a single
Service Locator than change a whole flotilla of Business
Delegates. In general, separation of concerns buys us a
lot of flexibility and maintainability.


In your examples so far, you've taken POJOs
that were local, and made them remote. Isn't it more
likely that I'll be faced with integrating existing EJBs
into my web app?

A: By POJOs, we assume you mean "Plain Old
Java Objects", of course. And yes, it is likely that you'll
be integrating EJBs into your app. And in fact that's
yet another reason to use these two patterns... your
controller (and view) should never have to care whether
the model is a local JavaBean, a remote POJO, or an
enterprise JavaBean (EJB). Without using Service Locator
and Business Delegate, that difference means a lot:
enterprise beans and plain old remote objects don't use
the same lookup code!

Using these patterns, you can encapsulate the issues 
related to how and where the model is discovered and 
used, and keep the controller happy and clueless, so 
that you won't have to change your controller code 
when the business guys change things and move things 
around on the business tier. You'll update only the 
Service Locator and (possibly) the Business Delegate. 
Protecting the web designer's JSPs
from remote model complexity

By using the Business Delegate and Service Locator patterns,
we've got Rachel's controllers protected from the complexities of
remote model components. Now let's see if we can do the same
for the web designer's JSPs.

Quick review of the old non-remote way—the
JSP uses EL to get info from the local model.

This diagram should look familiar from earlier in the chapter.
The JSP gets the bean reference from the request object (step 3),
then calls getters on the bean (step 4).

[Diagram: the local model and the Legacy Database; the numbered
steps follow.]


1 Having received a request 
for customer information, 
the Controller calls the 
ManageCustomer model 
component. The model 
component does a remote call 
to the legacy database then 
creates a Customer bean 
populated with customer data 
from the database 

2 The Controller adds the 
Customer reference to the 
request, as an attribute 

3 The controller forwards to
the View JSP. The JSP gets a
reference to the Customer bean
from the request object.

${customer.name}

4 The View JSP uses EL
to get the Customer Bean
properties it needs to satisfy the
original request.
Compare the local model diagram to
this remote model diagram

Don't Panic!

The shaded area in this diagram should look a
LOT like the previous diagram, especially if you
remember that the Business Delegate is pretending
to be the Manage Customer model.

[Diagram: the Controller, Business Delegate and Service Locator;
the JNDI Server holding the Manage Customer and Manage Orders
stubs; the remote Models (Manage Customer, Manage Orders); the
Customer entity; and the View.]

Each network call IS
1000 times as expensive
as a local method call.

A 6-step review:

1 Register your services with JNDI.

2 Use Business Delegate and Service Locator to get
the Manage Customer stub from JNDI.

3 Use the Business Delegate and the stub to get the
"Customer Bean", which in this case is another stub.
Return this stub's reference to the controller.

4 Add the Customer stub reference to the request.

5 The controller forwards to the View JSP. The JSP
gets a reference to the Customer bean (stub) from the
request object.

6 The View JSP uses EL to get the Customer Bean
properties it needs to satisfy the original request.

BIG NOTE: Every time the JSP invokes a getter,
the Customer stub makes a network call.
JSPs and remote beans

There's good news and bad news...

The previous architecture succeeds in hiding complexity from both the
controllers and the JSPs. And it makes good use of the Business Delegate and
Service Locator patterns.

The bad news:

When it's time for the JSP to get data, there are two problems, both related to the
fact that the bean the JSP is dealing with is actually a stub to a remote object.

1 - All those fine-grained network calls are likely to be a big performance hit.

Think about it. Each EL expression triggers a remote method invocation. Not only
is this a bandwidth/latency issue, but all those calls cause the server some problems
too. Each call might lead to a separate transaction and database load (and possibly
store!) on the server.

2 - The JSP is NOT a good place to be handling exceptions that might occur if the
remote server crashes.

Why not have the JSP talk to a plain old bean
instead of a stub?

Q: If you want the JSP to talk to a JavaBean, where
will this bean come from?

A: Well, it used to come from the local model/service
object, so why not have it come from the remote model/
service object?

Q: How do you get a bean across the network?

A: Hey, as long as it's serializable, RMI has no problem
sending an object across the network.

Q: So what would this buy us again?

A: First of all, we'd have one big network call instead of
a lot of little ones. Second, since the JSP would be talking
to a local object, there'd be no remote exceptions to worry
about!

Q: Wait a minute... I see a little problem here. Or
maybe a big problem—if you're using a bean on the
client side, doesn't that bean's data become stale the
moment it's sent?

A: Yes, you're right, and this IS a trade-off:
performance vs. how current the data is. You have to
decide which makes sense based on your requirements. If
the data used by your view component must absolutely,
positively, represent the current state of the database at
all times, then you need a remote reference. For example ...

If you make three calls, say, getName(), getAddress(), and
getPhone() on customer, you'll probably decide that this
information doesn't change rapidly enough to make it
worth going back to the database (via the remote object)
just in case the customer's phone number changed IN
BETWEEN the call to getName() and getAddress().

On the other hand, you might decide that in a highly
dynamic environment, where a customer is making
transactions 24/7, you DO need to show the most up-to-date
info. Sending a JavaBean back for the client means
the View would have a snapshot of the database at the
moment the bean was populated, but since the bean has
no connection to the database, the data begins to go stale
immediately.
Time for a Transfer Object?

If it's likely that a business service might be asked to send or receive all or most of
its data in a big, coarse-grained message, it's common for that service to provide
that feature in its API. Commonly, the business service creates a serializable Java
object that contains lots of instance variables. Sun calls this object a Transfer
Object. Outside of Sun there is a pattern called Data Transfer Object. (Guess what?
They're the same thing. Yeah, we feel the same way about that.)

[Diagram: the Business Delegate calls getCustData() on the Manage
Customer stub; Manage Customer on the Remote Server sends back a
serialized Transfer Object.]

The client's perspective, inside
the Business Delegate:

try {
    // Request the Transfer Object from the stub.
    // Customer is the bean/Transfer Object type.
    Customer c = custStub.getCustData(custID);
} catch (RemoteException re) {
    // Catch remote exceptions and wrap
    // them in a higher level exception.
    throw new CustomerException();
}

The Transfer Object is serialized, shipped, and
deserialized on to the client's local JVM heap. At that point, it is just like any
other local bean.

The data in a Transfer
Object grows stale!

Once it's shipped across the network, the Transfer
Object is completely out of touch with its source, and
begins to fall out of sync with the
data in the underlying database. You'll have to
decide for each use case whether data integrity
synchronization is worth the performance hit.
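The Service Locator, Business Delegate and Transfer Object described above, put together as an added example (not code from the book). It uses an in-process RMI registry in place of JNDI so that it runs on a bare JDK; the class names, the service name "ManageCustomer", the cache eviction step and the sample data are assumptions made for the illustration.

```java
import java.io.Serializable;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class BusinessTierDemo {

    /** Transfer Object: a serializable snapshot copied onto the caller's heap. */
    public static class Customer implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String phone;
        public Customer(String name, String phone) { this.name = name; this.phone = phone; }
        public String getName() { return name; }
        public String getPhone() { return phone; }
    }

    /** Remote business interface, standing in for the Manage Customer service. */
    public interface ManageCustomer extends Remote {
        Customer getCustData(String custID) throws RemoteException;
    }

    /** Server-side object; the phone field plays the role of the database row. */
    static class ManageCustomerImpl implements ManageCustomer {
        volatile String phone = "555-0100";               // constructed sample data
        public Customer getCustData(String custID) {
            return new Customer("Sample Customer " + custID, phone);
        }
    }

    /** Higher-level exception the controller sees instead of RemoteException. */
    public static class CustomerException extends Exception {
        public CustomerException(String message, Throwable cause) { super(message, cause); }
    }

    /** Service Locator: the only class that knows the registry; caches stubs. */
    static class ServiceLocator {
        private final Registry registry;
        private final Map<String, Remote> cache = new ConcurrentHashMap<>();
        int registryLookups = 0;
        ServiceLocator(Registry registry) { this.registry = registry; }

        Remote locate(String name) throws RemoteException, NotBoundException {
            Remote stub = cache.get(name);
            if (stub == null) {
                stub = registry.lookup(name);             // the remote lookup
                registryLookups++;
                cache.put(name, stub);                    // optional cache
            }
            return stub;
        }

        void evict(String name) { cache.remove(name); }   // drop a stub that stopped working
    }

    /** Business Delegate: business methods only; lookup is left to the locator. */
    static class CustomerDelegate {
        private static final String SERVICE = "ManageCustomer";  // fixed name, never request input
        private final ServiceLocator locator;
        CustomerDelegate(ServiceLocator locator) { this.locator = locator; }

        Customer getCustData(String custID) throws CustomerException {
            try {
                ManageCustomer stub = (ManageCustomer) locator.locate(SERVICE);
                return stub.getCustData(custID);          // one coarse-grained network call
            } catch (RemoteException | NotBoundException e) {
                locator.evict(SERVICE);
                // Generic message for the caller; the cause is kept for logging.
                throw new CustomerException("customer service unavailable", e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        ManageCustomerImpl impl = new ManageCustomerImpl();
        Registry registry = LocateRegistry.createRegistry(0);    // in-process registry, ephemeral port
        registry.bind("ManageCustomer", UnicastRemoteObject.exportObject(impl, 0));

        ServiceLocator locator = new ServiceLocator(registry);
        CustomerDelegate delegate = new CustomerDelegate(locator);

        Customer first = delegate.getCustData("42");
        delegate.getCustData("42");
        System.out.println("registry lookups for two calls: " + locator.registryLookups);

        impl.phone = "555-0199";                                  // the "database" changes
        System.out.println("snapshot phone: " + first.getPhone()
                + ", current phone: " + delegate.getCustData("42").getPhone());

        UnicastRemoteObject.unexportObject(impl, true);           // the remote server goes away
        try {
            delegate.getCustData("42");
        } catch (CustomerException e) {
            System.out.println("controller sees: " + e.getMessage()
                    + " (cause: " + e.getCause().getClass().getSimpleName() + ")");
        }
        UnicastRemoteObject.unexportObject(registry, true);       // let the JVM exit
    }
}
```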
service locator vs. business delegate

Service Locator and Business Delegate
both simplify model components

Listen in as our two black-belts debate which
pattern is better—Service Locator or Business
Delegate.

Service Locator: Service Locator is the superior pattern. First of all,
unlike the Business Delegate, one Service Locator
instance can support an entire application tier.

Business Delegate: That's true, but Service Locator needs to talk to only
one remote entity. Business Delegate must handle many
entity objects.

Service Locator: Service Locator is more efficient with network calls.
It can cache references to stubs or service stubs once
it has located them, reducing network traffic for
subsequent calls.

Business Delegate: With much respect, you are forgetting that
Service Locator has a much easier task. The
Business Delegate must carry the heavy burden of
communicating with a dynamic object, whose data
might change at any moment.

Service Locator: Heavy burden? Your simple business data does not
impress me.

Business Delegate: A Business Delegate gives web application
programmers much more benefit than your Service
Locator.

Service Locator: Ah, maybe programmers do benefit, but your simple
pattern seems to forget that it often exists in a network
environment. It will make many calls to business
services with no restraint, no consideration for the
overhead of remote calls.

Business Delegate: Ah ha! The Business Delegate is not ashamed to
form an alliance with the Transfer Object! Working
as a team, they help the programmer AND minimize
remote calls.

Service Locator: Yes, yes, your weak pattern needs a partner, we all
know that. But when you partner with a Transfer
Object other demons can haunt you... you haven't
forgotten your little problems with data staleness and
concurrency, have you?

Business Delegate: No, I haven't forgotten. But when these issues come
up they can be solved. You cannot expect to achieve
great things without a little extra effort... nothing in
J2EE is ever black and white.
Business tier patterns: quick review

To wrap up our discussion of business tier patterns, here's a
diagram that shows a Business Delegate, a Service Locator,
and a Transfer Object in action. At the end of the chapter
you'll find a couple of summary pages for these patterns and
the presentation tier patterns we'll discuss next.

[Diagram: the Controller, Business Delegate and Service Locator;
the JNDI Server holding the Manage Customer and Manage Orders
stubs; the remote Models (Manage Customer, Manage Orders); the
Customer entity and the Database; the Customer Transfer Object;
and the View.]

1 Register your services with JNDI.

2 Use Business Delegate and Service Locator to get the
Manage Customer stub from JNDI.

3 Use the Business Delegate and the stub to get the
"Customer Bean", which in this case is a Transfer Object.
Return this Transfer Object's reference to the controller.

4 Add the bean's reference to the request.

5 The controller forwards to the View JSP. The JSP gets the
reference to the Customer Transfer Object bean from the
request object.

6 The View JSP uses EL to get the Customer Transfer Object
Bean's properties it needs to satisfy the original request.

Our very first pattern revisited... MVC 


As luck would have it, the very same pattern we've been using in
the book is on the exam. The last two patterns we're covering
are presentation tier patterns, as was the Intercepting Filter.

First we'll pick up where we left off talking about MVC. That
discussion will lead us into Struts and finally Front Controller.

Where we left off...

Let's do a quick review of where
we left off in chapter 2.

MODEL

Holds the real business logic and the
state. In other words, it knows the
rules for getting and updating state.

A Shopping Cart's contents (and the
rules for what to do with it) would be
part of the Model in MVC.

It's the only part of the application
that talks to the database.

CONTROLLER

Takes user input from the request
and figures out what it means to
the model.

Tells the model to update itself,
makes the model state available
for the view (the JSP), and
forwards to the JSP.

[Diagram: the Controller (a Servlet), the Model, and the View.]

VIEW

Responsible for the presentation. It
gets the state of the model from the
Controller (although not directly; the
Controller puts the model data in a
place where the View can find it).

Off Track: GUI MVC vs. Web MVC

MVC existed before the World Wide Web
came along. In its first incarnation, MVC was
a design to simplify complex GUI applications.
First created in Smalltalk, one of MVC's chief
attributes was that the View would be notified
automatically of changes to the Model.

More recently, MVC has been used on the
web, even though the View is in the browser
and cannot be automatically updated when the
Model changes in the web tier. Our focus is
entirely on the web version of MVC.

Finally, we're always talking about MVC,
Model 2, never the older Model 1 or 1.5
MVCs.
MVC in a real web app

Way back in chapter two, we left you with a "Flex your mind" exercise about potential
problems with our Dating App MVC architecture. Let's review where we left off and
get around to answering the question that's certainly been haunting you for all these
chapters: what could possibly be better than MVC?

For each browser use case, there will be a corresponding set of Model, View, and
Controller components, which might be mixed and matched and recombined in many
different ways from use case to use case.

The problem we had in the dating app was that we had many specialized controllers,
which sounded good from an OO perspective, but left us with duplicate code across
all the different controllers in our app, and didn't give us a nice happy feeling about
maintainability and flexibility.

A single MVC app will have many models, views, and controllers.

[Diagram labels: Update Address, Controller, Model, Manage Customer,
Print Statement.]

"And seriously, take a close look
at that controller code. It's all over
the place, handling requests, dealing
with the model, dispatching, forwarding...
I mean—just what IS the controller's
job?? A controller doesn't look very
cohesive to me."

"I hate the way my
MVC app has so many
different controllers, with all the
duplicate code... but I don't want
to go back to one monolithic
massive servlet handling all the
different use cases."
Looking at the MVC controller

Let's see if we agree with what's been said about controllers. First,
a reminder about the controller servlet's job:

Pseudo-code for a generic MVC controller

public class ControllerServlet extends HttpServlet {

    public void doPost(request, response) {

        // 1 Deal with the request parameters
        String c = request.getParameter("startDate");
        // do a data conversion on the date parameter
        // validate that date is in range
        // if any errors happen in validation,
        // forward to hardcoded "retry" JSP

        // 2 Deal with the model
        // invoke the hardcoded model component(s)
        // add model results to the request obj.
        // (maybe a reference to a bean)

        // 3 Deal with the view
        // dispatch to the view JSP
        // (of course it's hard coded)
    }
}

Sharpen your pencil

What principles does this
component violate?

List three or more software design principles
this pseudo-code violates.
Improving the MVC controllers

Besides a lack of cohesiveness, the controller is also tightly
coupled to the model and the view components. And there's yet
another Duplicate Code Alert here. How can we fix things?

The controller's three main tasks, and a better way to handle each?

1 Get and deal with the request parameters

Give this task to a separate form validation component that can get
the form parameters, convert them, validate them, handle validation
errors, and create an object to hold the parameter values.

2 Invoke the model

Hmmm... we don't like hard-coding the model into the controller, so
maybe we could do it declaratively, listing a bunch of models in our
own custom deployment descriptor that the controller could read
and, based on the request, figure out which model(s) to use.

3 Dispatch to the View

Why not make this declarative as well? That way, based on the
request URL, the controller can tell (from our custom deployment
descriptor) which view to dispatch to.

New (and shorter) controller pseudo-code

public class ControllerServlet extends HttpServlet {

    public void doPost(request, response) {

        // 1 call a validation component declaratively
        // (have it handle validation errors too!)

        // 2 declaratively invoke a request processing
        // component, to call a Model component

        // 3 dispatch to the view JSP declaratively
    }
}
designing a controller

Designing our fantasy controller

Let's do another one of our now-infamous
architectural diagrams to see what this controller
and its support components might look like.

[Diagram: the Request, the Controller, the Model, and the View.]

1 Having received a request, the Controller
locates the correct Form Validation
Component in the Declarations XML file. The
Controller invokes the Form validator, sending it
the request. If the validator finds any errors it
tells the controller which view to return.

2 Using the Declarations XML file, the
Controller locates and invokes the Request
Action Component, which invokes
the model.

3 Using the Declarations XML file, the
Controller locates and invokes the View.

"Wait a minute...
I've seen this before,
you're trying to disguise
STRUTS!"
Yes! It's Struts in a nutshell

Obviously this is an overview, and we've left out pretty much
all of the details, but this is the basic idea behind the Struts
framework. Let's look at a few more details, starting with the
fact that we've changed all the names...

[Diagram: the Request, struts-config.xml, the Action Servlet
(the Controller), the Form Bean, the Action Object, the Model,
and the View.]

Key Struts Components

Action Servlet - You'll need only one of these per application.
Best of all, you don't even have to write it. Struts provides it.

Form Beans - You'll write one of these for each HTML form
your app needs to process. They are Java beans, and once the Struts
Action Servlet has called the setters on the form bean (to populate
the bean with form parameters), it will call the bean's validate()
method. This is a great place to put data conversion and error
handling logic.

Action Objects - Generally, an action maps to a single activity in
a use-case. It has a call-back-like method called execute(), which
is a great place to get the validated form params, and call model
components. Think of the Action object as kind of a "servlet lite".

struts-config.xml - This is the Struts-specific deployment
descriptor. In it you'll map request URLs to Actions, Actions
to Form beans, and Actions to views.
Is Struts a container?

Officially, Struts is considered a framework.

Frameworks are collections of interfaces and classes that
are designed to work together to handle a particular type
of problem. In the case of Struts, the problem space is web
applications. The goal of a framework is to "aid programmers in
the development and maintenance of complex applications".

So, Struts isn't a container, but in some ways it acts like one.

Top five ways Struts is like a
servlets container

1 Declarative: They both use an XML file to
configure the application declaratively.

2 Lifecycle: They both provide lifecycles for
predetermined types of objects.

3 Callbacks: They both perform automatic
callbacks of key lifecycle methods.

4 APIs: They both provide APIs for key types of
objects that are supported.

5 Application Control: They both provide a
controlled environment in which your application runs.
They are your application's window to the outside world.

"I feel an analogy coming
on... you've said Struts has "call
back" methods and a deployment
descriptor. So is Struts like a
mini-container?"

Action Servlet: "In Struts, I've
been promoted to
"Action Servlet". Sometimes
I'm also referred to as a Front
Controller. (That's on the
exam, by the way.)"

There is nothing about Struts on
the exam!

You ARE expected to know the purpose
and function of a Front Controller (and Struts is just a
tricked-out Front Controller), but you will not have any
questions about the Struts framework. So, you can
relax and follow along without having to memorize
every picky detail.
How does Front Controller fit in?

Oh yeah. Front Controller is another J2EE pattern, and it just happens to be on the exam.
Actually, Struts is a really fancy example of using a Front Controller pattern. The basic
idea of the Front Controller pattern is that a single component, usually a servlet but possibly
a JSP, acts as the single control point for the presentation tier of a web application. With the
Front Controller pattern, all of the app's requests go through a single controller, which handles
dispatching the request to the appropriate places.

In the real world, it's rare to implement a Front Controller all by itself. Even a really simple
implementation usually includes another J2EE pattern called an Application Controller.
Struts includes a class called the RequestProcessor, which is ultimately responsible for the
handling of HTTP requests.

Although the exam might contain questions about the Front Controller pattern, you'll
be fine if you remember the benefits of Struts, and the fact that Struts is simply a Front
Controller with all the bells and whistles.

Eight features that Struts adds to a Front Controller

1 Declarative Control: Struts allows you to create declarative maps between request
URLs, validation objects, model-invoking objects, and views.

2 Automated Request Dispatching: The Action execute() method returns a symbolic
ActionForward which tells the ActionServlet which view to dispatch to. This provides another layer
of abstraction (and loose coupling) between the controller and view components.

3 DataSources: Struts can provide DataSource management.

4 Custom Tags: Struts provides dozens of custom tags.

5 Internationalization Support: Error classes and custom tags have
internationalization support.

6 Declarative Validation: Struts provides a validation framework that removes the need
to code the validate method in your form beans. The rules for validating a form are configured in
an XML file and can be changed without affecting your form bean code.

7 Global exception handling: Struts provides a declarative error handling mechanism
similar to <error-page> in the DD. However, with Struts the exceptions can be specific to the
application code in your Action object.

8 Plug-ins: Struts provides a PlugIn interface with two methods: init() and destroy(). You can
create your own plug-ins to enhance your Struts application, and they will be managed for you.
For example, the Validator framework is initialized using a plug-in.
Refactoring the Beer app for Struts

Enough theory, let's write a Struts app. First off, let's review
our MVC Beer app from chapter 3. The only code that's
going to change when we refactor to Struts is related to the
MVC controller. (The model and view are not affected.)

[Diagram: the Controller (BeerSelect), the Model (BeerExpert),
and the View (result.jsp).]

1 Having received a request, the Controller performs
validation of the user form data.

2 The Controller invokes the Model component.

3 The Controller forwards to the View.

MVC controller code
(from chapter 3)

package com.example.web;

import com.example.model.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;

public class BeerSelect extends HttpServlet {

    public void doPost(HttpServletRequest request,
                       HttpServletResponse response)
            throws IOException, ServletException {

        // A lot of form validation goes on here
        String c = request.getParameter("color");

        // Invoke the model
        BeerExpert be = new BeerExpert();
        List result = be.getBrands(c);

        // Forward to the hardcoded View
        request.setAttribute("styles", result);
        RequestDispatcher disp =
            request.getRequestDispatcher("result.jsp");
        disp.forward(request, response);
    }
}
The Struts Beer app architecture

Here's the Beer app architecture, all done up in Struts...

[Diagram: struts-config.xml, the ActionServlet, the form bean,
the Action object, the Model (BeerExpert), and the View
(result.jsp).]

1 Having received a request, the
ActionServlet locates the correct form
bean using the struts-config.xml file. The
ActionServlet invokes the form bean's validation
logic. If the form bean finds any errors it
populates an ActionErrors object.

2 Using the struts-config.xml file, the
ActionServlet locates and invokes the Action
object, which invokes the model and returns an
ActionForward object to the ActionServlet.

3 Having previously extracted the necessary
mappings from struts-config.xml, the
ActionServlet uses the ActionForward object to
dispatch to the correct view component.

Well, OK, the view *will* change
in a Struts app. For one thing,
Struts provides a library that
provides a <html:errors/> tag that
displays the form bean validator
errors. Also, the HTML tag library
provides tags that repopulate the
form on an error.
A form bean exposed

Remember, the form bean's job is to validate
the user's form params. A nice benefit of
Struts is that a validation step is built right
into the architecture.

package com.example.web;

// Struts imports
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionErrors;

import javax.servlet.http.HttpServletRequest;

// Form beans extend ActionForm
public class BeerSelectForm extends ActionForm {

    // Usually, you'll want your beans to have getters and setters
    // for all of the form params
    private String color;

    public void setColor(String color) {
        this.color = color;
    }

    public String getColor() {
        return color;
    }

    private static final String VALID_COLORS = "amber, dark, light,brown";

    // Struts provides ActionErrors to manage validation errors
    public ActionErrors validate(ActionMapping mapping,
                                 HttpServletRequest request) {

        ActionErrors errors = new ActionErrors();

        // indexOf() is a substring test against the whole VALID_COLORS
        // string, not an exact match against one of its four entries
        if (VALID_COLORS.indexOf(color) == -1) {
            errors.add("color", new ActionMessage("error.colorField.notValid"));
        }

        return errors;
    }
}

The ActionError constructor takes
a String that is a symbolic key into
a resource bundle. This is done to
facilitate internationalization.
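The validate() method above relies on a substring test, which also passes values that are not one of the four colors and throws when the parameter is absent. The following added example (not the book's code; the class name ColorValidationDemo and the plain Map standing in for ActionErrors are assumptions) runs that test beside an exact-match allowlist on constructed inputs.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

public class ColorValidationDemo {

    // The string used by the form bean, tested there with indexOf().
    static final String VALID_COLORS = "amber, dark, light,brown";

    // The same four values as a set: membership is an exact match.
    static final Set<String> ALLOWED_COLORS = Collections.unmodifiableSet(
            new LinkedHashSet<>(Arrays.asList("amber", "dark", "light", "brown")));

    /** Substring test: true when color occurs anywhere inside VALID_COLORS. */
    static boolean substringCheck(String color) {
        return VALID_COLORS.indexOf(color) != -1;   // NullPointerException when color is null
    }

    /** Exact-match allowlist; a missing parameter (null) is just invalid. */
    static boolean allowlistCheck(String color) {
        return color != null && ALLOWED_COLORS.contains(color);
    }

    /**
     * Stand-in for a form bean's validate(): returns property -> message key,
     * empty when the input is acceptable (a plain Map here, not ActionErrors).
     */
    static Map<String, String> validate(String color) {
        Map<String, String> errors = new LinkedHashMap<>();
        if (!allowlistCheck(color)) {
            errors.put("color", "error.colorField.notValid");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed inputs: one real choice, then values that are not
        // among the four colors, then an absent parameter.
        String[] samples = { "dark", "", "a", "ark", ", ", "light,brown", "Dark", null };
        for (String s : samples) {
            String viaSubstring;
            try {
                viaSubstring = substringCheck(s) ? "accepted" : "rejected";
            } catch (NullPointerException e) {
                viaSubstring = "NullPointerException";
            }
            String shown = (s == null) ? "null" : "\"" + s + "\"";
            Map<String, String> errors = validate(s);
            System.out.printf("%-14s substring: %-21s allowlist: %s%n",
                    shown, viaSubstring, errors.isEmpty() ? "accepted" : errors.toString());
        }
    }
}
```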
How an Action object ticks

The Action object is mainly a dispatcher. It is
invoked by the ActionServlet, which calls the
Action object's execute() method.

package com.example.web;

// Model imports
import com.example.model.*;
import java.util.*;

// Struts imports
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;

// Servlet imports
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class BeerSelectAction extends Action {

    // Sent from the ActionServlet, so ...
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response) {

        // Cast the form to the application-specific form.
        // Provides access to the validated user form params.
        BeerSelectForm myForm = (BeerSelectForm) form;

        // Process the business logic:
        // sending a user form param to the model component
        BeerExpert be = new BeerExpert();
        List result = be.getBrands(myForm.getColor());

        // Forward to the Results view
        // (and store the data in the request-scope)
        request.setAttribute("styles", result);

        // The execute method returns an ActionForward to the
        // ActionServlet that directs Struts to dispatch to the next
        // appropriate view. These symbolic "forwards" are declared
        // in the struts-config.xml file.
        return mapping.findForward("show_results");
    }
}
struts-config.xml:
tying it all together

The struts-config.xml file is analogous to
the DD. You can actually call it whatever
you want, although struts-config.xml is
its conventional name. Similar to the DD,
this file is where you'll declare and map
Struts components in your web app. This
mechanism helps your application become
more loosely coupled.

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE struts-config PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN"
    "http://struts.apache.org/dtds/struts-config_1_3.dtd">

<struts-config>

  <form-beans>
    <form-bean name="selectBeerForm"
               type="com.example.web.BeerSelectForm" />
  </form-beans>

  <action-mappings>
    <action path="/SelectBeer"
            type="com.example.web.BeerSelectAction"
            name="selectBeerForm" scope="request"
            validate="true" input="/form.jsp">
      <forward name="show_results"
               path="/result.jsp" />
    </action>
  </action-mappings>

  <message-resources parameter="ApplicationResources" />

</struts-config>

The <form-bean> element declares the
symbolic name and class of a form bean
object.

An <action> element maps the URL path
to the Controller class. Notice that
the .do extension for the path is NOT
included in the Struts configuration.

The <action> also associates a form bean
with the action. This is specified by the
symbolic form bean name. Struts will create
this bean and store it in the specified scope.
If validation occurs and errors are returned
from the validate method, then the input
attribute declares the View responsible for
displaying the error message; this is usually
the form that submitted this action.

The <forward> element creates a mapping between
the symbolic view name, used by the Action object,
and the physical path to the View component.
Specifying Struts in the web.xml DD

As far as the Container is concerned, the ActionServlet is just
another servlet. So, you have to declare it and make sure all
of the web app's requests are mapped to it.

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

  <!-- Define the controller servlet -->
  <servlet>
    <servlet-name>FrontController</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

    <!-- Name the struts configuration file -->
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>

    <!-- Guarantee that this servlet is loaded on startup. -->
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- The Struts controller mapping -->
  <servlet-mapping>
    <servlet-name>FrontController</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <!-- END: The Struts controller mapping -->

</web-app>

Naming the ActionServlet "FrontController" isn't required, but it'll
help remind you of its purpose in the app.

The config init param tells the ActionServlet where to find the file.

The ActionServlet has a complex init method; you better load this
servlet at startup.

Wow! This one servlet IS to handle ALL of this app's requests
(assuming you name the request URLs with a ".do" extension).

You should name the Struts DD "struts-config.xml"

And if you do NOT, then in your web.xml DD, you MUST declare an
init-param "config" to define the name of the Struts DD. If you
DO use the name "struts-config.xml" then Struts will find it
automatically, without an init-parameter, but it's still considered
"good practice" to declare it in the DD.
Install Struts, and Just Run It!

Installing Struts is simple.

The links and versions mentioned on this page were current at the
time of this writing. Which is no help at all for you, but means
simply: we have no idea what things will be like by the time you read
this, but we gave it our best shot anyway.

Six easy steps to installing Struts

1. Crank up your browser and navigate to:

   http://struts.apache.org/downloads.html

2. From the General Availability list, click on the latest Struts v1.3.x link.

3. Choose the JAR file you desire. The smallest JAR is the library-only version:

   struts-1.3.8-lib.zip

4. Download the zip file to a temporary directory.

5. Unzip the file, which unpacks to:

   struts-1.3.8/
     NOTICE.txt
     lib/
       struts-core-1.3.8.jar
       struts-taglib-1.3.8.jar
       commons-beanutils-1.7.0.jar
       commons-digester.jar
       commons-chain-1.1.jar

6. Copy the five JAR files listed in step 5 to the webapp's
   WEB-INF/lib/ directory.

FYI: make sure that there is a copy of the Struts core JAR file in
your classpath when you compile your form beans and action objects.
(Remember, the ActionServlet front controller is created for you
automatically.)
Creating the deployment environment

This is the directory structure you will create to run the
Struts version of the Beer app.
Patterns review for the SCWCD

We've covered a lot of patterns in the last two chapters.
The next few pages pull together a lot of the details
you'll want to study for the SCWCD exam.


Business Delegate

Use the Business Delegate pattern to shield your
web tier controllers from the fact that some of
your app's model components are remote.

[Diagram: Controller, Business Delegate, Service Locator, (Stub), Manage Customer]



Business Delegate features 

Acts as a proxy implementing the remote service's 


Initiates communications with a remote service
Handles communication details and exceptions 
Receives requests from a controller component 
Translates the request and forwards it to the business 
service (via the stub) 

Translates the response and returns it to the 
controller component 

By handling the details of remote component lookup 
and communications, allows controllers to be more 
cohesive 


Business Delegate principles

■ The Business delegate is based on 

■ hiding complexity 

■ coding to interfaces 

■ loose coupling 

■ separation of concerns 

■ Minimizes the impact on the web tier when changes 
occur on the business tier 

■ Reduces coupling between tiers 

■ Adds a layer to the app, which increases complexity.

■ Method calls to the Business Delegate should be 
coarse-grained to reduce network traffic. 
Service Locator

Use the Service Locator pattern to perform
registry lookups so you can simplify all of
the other components (such as Business
Delegates) that have to do JNDI (or other
registry types) lookups.

[Diagram: Business Delegate, Service Locator, JNDI Server, Manage Customer]
Service Locator features

Obtains InitialContext objects
Performs registry lookups
Handles communication details and exceptions
Can improve performance by caching previously
obtained references

Works with a variety of registries such as
JNDI, RMI, UDDI, and COS naming.


Service Locator principles

■ The Service Locator is based on 

■ hiding complexity 

■ separation of concerns 

• Minimizes the impact on the web tier when remote 
components change locations or containers 

■ Reduces coupling between tiers 
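
A Service Locator along the lines of the feature list above, as an added example (not code from the book): it obtains the InitialContext, caches references, and wraps naming exceptions. The allowlist on lookup names is an addition of this example, meant to keep request-derived strings from ever reaching the registry; the class names and the jdbc/BeerDB resource name are hypothetical.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

// Hypothetical Service Locator: one place for registry lookups, with a cache.
public final class ServiceLocator {

    // Callers see one exception type instead of registry-specific ones.
    public static class ServiceLocatorException extends Exception {
        public ServiceLocatorException(String msg, Throwable cause) {
            super(msg, cause);
        }
    }

    // Only names in the component's own environment namespace are accepted.
    // No second ':' is possible, so a URL-style name (ldap:, rmi:) is rejected.
    private static final Pattern ALLOWED_NAME =
            Pattern.compile("java:comp/env/[A-Za-z0-9_./-]+");

    private static final ServiceLocator INSTANCE = new ServiceLocator();

    // Caching previously obtained references avoids repeated registry round trips.
    private final ConcurrentMap<String, Object> cache =
            new ConcurrentHashMap<String, Object>();

    private ServiceLocator() { }

    public static ServiceLocator getInstance() {
        return INSTANCE;
    }

    // Example call (resource name is hypothetical):
    //   DataSource ds = ServiceLocator.getInstance()
    //           .lookup("java:comp/env/jdbc/BeerDB", DataSource.class);
    public <T> T lookup(String name, Class<T> type) throws ServiceLocatorException {
        if (name == null || !ALLOWED_NAME.matcher(name).matches()) {
            throw new ServiceLocatorException("lookup name not allowed: " + name, null);
        }
        Object ref = cache.get(name);
        if (ref == null) {
            ref = lookupInRegistry(name);
            Object earlier = cache.putIfAbsent(name, ref);
            if (earlier != null) {
                ref = earlier;          // another thread cached it first
            }
        }
        if (!type.isInstance(ref)) {
            throw new ServiceLocatorException(
                    name + " is not a " + type.getName(), null);
        }
        return type.cast(ref);
    }

    // Drop a cached reference, e.g. after the remote component has moved.
    public void evict(String name) {
        if (name != null) {
            cache.remove(name);
        }
    }

    private static Object lookupInRegistry(String name) throws ServiceLocatorException {
        Context ctx = null;
        try {
            ctx = new InitialContext();
            Object ref = ctx.lookup(name);
            if (ref == null) {
                throw new ServiceLocatorException("nothing bound at " + name, null);
            }
            return ref;
        } catch (NamingException e) {
            throw new ServiceLocatorException("lookup failed for " + name, e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // nothing useful to do if closing the context fails
                }
            }
        }
    }
}
```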
Transfer Object

Use the Transfer Object pattern to
minimize network traffic by providing
a local representation of a fine-grained
remote component (usually an entity).

[Diagram: Manage Customer]

Transfer Object functions

■ Provides a local representation of a remote entity

■ Minimizes network traffic 

■ Can follow Java bean conventions so that it can be 
easily accessed by other objects 

■ Implemented as a serializable object so that it can
move across the network

■ Typically easily accessible by view components.


Transfer Object principles

■ The Transfer Object is based on:

■ reducing network traffic

■ Minimizes the performance impact on the web tier
when remote components' data is accessed with
fine-grained calls

■ Reduces coupling between tiers.

■ A drawback is that components accessing the
Transfer Object can receive out-of-date data, because
the Transfer Object's data is really representing state
that's stored somewhere else

■ Making updatable Transfer Objects concurrency-safe
is typically complex
Intercepting Filter

Use the Intercepting Filter pattern to modify
requests being sent to servlets, or to modify
responses being sent to users.

[Diagram: Filter]

Intercepting Filter functions

Can intercept and/or modify requests before they
reach the servlet

Can intercept and/or modify responses before they
are returned to the client.

Filters are deployed declaratively using the DD
Filters are modular so that they can be executed in
chains

Filters have lifecycles managed by the Container
Filters must implement Container callback methods


Intercepting Filter principles

■ The Intercepting Filter is based on:

■ cohesion

■ loose coupling 

■ increasing declarative control 

■ Declarative control allows Filters to be easily 
implemented on either a temporary or permanent 
basis. 

• Declarative control allows the sequence of invocation 
to be easily updated 
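
An Intercepting Filter that applies the same security checks to every request, as an added example (not code from the book). The filter name, init-params, the "user" session attribute and the /Login.do action are assumptions of this example; the *.do mapping follows the Struts setup shown earlier.

```java
package com.example.web;   // hypothetical package

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/*
 * Deployed declaratively in the DD (names and paths are assumptions):
 *
 *   <filter>
 *     <filter-name>SecurityCheck</filter-name>
 *     <filter-class>com.example.web.SecurityCheckFilter</filter-class>
 *     <init-param>
 *       <param-name>loginPage</param-name>
 *       <param-value>/login.jsp</param-value>
 *     </init-param>
 *     <init-param>
 *       <param-name>loginAction</param-name>
 *       <param-value>/Login.do</param-value>
 *     </init-param>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>SecurityCheck</filter-name>
 *     <url-pattern>*.do</url-pattern>
 *   </filter-mapping>
 */
public class SecurityCheckFilter implements Filter {

    private String loginPage;    // view shown to unauthenticated users
    private String loginAction;  // the one action reachable without a login

    // Container callback: runs once, before the filter handles any request.
    public void init(FilterConfig config) throws ServletException {
        loginPage = config.getInitParameter("loginPage");
        loginAction = config.getInitParameter("loginAction");
        if (loginPage == null || loginAction == null) {
            throw new ServletException(
                    "loginPage and loginAction init-params are required");
        }
    }

    // Container callback: runs for every request that matches the mapping.
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)
                || !(resp instanceof HttpServletResponse)) {
            throw new ServletException("SecurityCheckFilter handles HTTP only");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Response side: headers set on every response, whatever the request
        // type. They must be set before the response is committed.
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("Cache-Control", "no-store");

        // Request side: getSession(false) never creates a session here.
        HttpSession session = request.getSession(false);
        boolean authenticated =
                session != null && session.getAttribute("user") != null;
        boolean isLoginAction = loginAction.equals(request.getServletPath());

        if (!authenticated && !isLoginAction) {
            // Stop here: the rest of the chain and the servlet never run.
            response.sendRedirect(request.getContextPath() + loginPage);
            return;
        }
        chain.doFilter(request, response);   // next filter, then the servlet
    }

    // Container callback: runs once when the filter is taken out of service.
    public void destroy() {
        loginPage = null;
        loginAction = null;
    }
}
```

Filters matched by url-pattern run in the order their filter-mapping elements appear in the DD, so reordering or removing this check is a DD change, not a code change.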
Model, View, Controller (MVC)

Use the MVC pattern to create a logical structure
that separates the code into three basic types of
components (Model, View, Controller) in your
application. This increases the cohesiveness of
each component and allows for greater reusability,
especially with model components.


Model, View, Controller features

Views can change independently from controllers and
models.

Model components hide internal details (data
structures) from the view and controller components.
If the model adheres to a strict contract (interface),
then these components can be reused in other
application areas such as GUIs or J2ME.
Separation of model code from controller code
allows for easier migration to using remote business
components.


Model, View, Controller principles

■ Model, View, Controller is based on

■ separation of concerns 

■ loose couplings 

■ Increases cohesion in individual components 

■ Increases the overall complexity of the application. 
(This is true because even though individual 
components become more cohesive, MVC adds 
many new components to the application) 

■ Minimizes the impact of changes in other tiers of the 
application 
Front Controller

Use the Front Controller pattern to
gather common, often redundant, request


Front Controller features

Centralizes a web app's initial request handling tasks
in a single component

Using the Front Controller with other patterns can
provide loose coupling by making presentation tier
dispatching declarative

A drawback of Front Controller (on its own, without
Struts) is that it's very barebones compared to Struts.
To create a reasonable application from scratch
using the Front Controller pattern, you would end up
rewriting many of the features already found in Struts.


Front Controller principles

■ The Front Controller is based on

■ hiding complexity 

■ separation of concerns 

■ loose coupling 

■ Increases cohesion in application controller 
components. 

■ Decreases the overall complexity of the application 

■ Increases the maintainability of the infrastructure 
code 
1. Given this list of attributes:

- related to Intercepting Filter
- supports role separation between developers
- adds reusability

Which design pattern is being described?

□ A. Transfer Object
□ B. Service Locator
□ C. Front Controller
□ D. Business Delegate


2. The design of your web application calls for certain security measures to be
taken for every request received. Some of these security checks will be applied,
regardless of the type of request.

Which design pattern can be used to achieve this design requirement?

□ A. Transfer Object
□ B. Service Locator
□ C. Composite Entity
□ D. Business Delegate
□ E. Intercepting Filter


3. Your company wants to leverage its distributed silos. Your job is to
seamlessly integrate your application's web service endpoints with its DAOs.
In addition, your coarse-grained Controller Locators must be enhanced to
support J2ME, UDDI registries.

Which design pattern can be used to achieve these design requirements?

□ A. Domain Activator
□ B. Intercepting Observer
□ C. Composite Delegate
□ D. Transfer Facade
4. This statement describes the potential benefits of a design pattern:

The pattern reduces network roundtrips between a client and an Enterprise
Bean, and gives the client a local copy of the data encapsulated by an
Enterprise Bean after a single method call, instead of requiring several method
calls. Which design pattern is being described?

□ A. Transfer object
□ B. Intercepting Filter
□ C. Model-View-Controller
□ D. Business Delegate


5. Your company, Models "R" Us, is creating an advanced inventory maximization
component that can be used with all major J2EE container vendors. Your job
is to design the piece of this component that will perform JNDI lookups with
whatever vendor the client is using.

What design pattern can help you accomplish this task?

□ A. Transfer object
□ B. Intercepting Filter
□ C. Model-View-Controller
□ D. Business Delegate
□ E. Service Locator


6. While fine tuning your multi-tiered J2EE business application, you've discovered
that you'd get better performance if you reduced the number of remote
requests your app makes, and increased the amount of data collected for each
request you make.

What design pattern should you consider to implement this change in your
application?

□ A. Transfer object
□ B. Service Locator
□ C. Front Controller
□ D. Intercepting Filter
□ E. Model-View-Controller
7. Given this list of attributes:

- related to Service Locator
- reduces coupling
- can add a layer and some complexity

Which design pattern is being described?

□ A. Transfer Object
□ B. Front Controller
□ C. Business Delegate
□ D. Intercepting Filter
□ E. Model-View-Controller


8. Your web application uses a SessionBean component in a distributed application to
make a specialized calculation, such as validating credit-card numbers. However, you
want to shield your web components from the code involved with looking up the
SessionBean component and using its interface. You want to decouple local application
classes from the looking up and use of the distributed component, whose interface
could change. Which J2EE design pattern can you use in this case?

□ A. Transfer object.
□ B. Service Locator.
□ C. Model-View-Controller.
□ D. Business Delegate.


9. Given this list of attributes:

- related to Business Delegate
- improves network performance
- can improve client performance through caching

Which design pattern is being described?

□ A. Transfer Object
□ B. Service Locator
□ C. Front Controller
□ D. Intercepting Filter
□ E. Model-View-Controller
1. Given this list of attributes:

- related to Intercepting Filter
- supports role separation between developers
- adds reusability

(Core J2EE Patterns)

Which design pattern is being described?

□ A. Transfer Object
□ B. Service Locator
☑ C. Front Controller
□ D. Business Delegate


2. The design of your web application calls for certain security measures to be
taken for every request received. Some of these security checks will be applied,
regardless of the type of request.

(Core J2EE Patterns)

Which design pattern can be used to achieve this design requirement?

□ A. Transfer Object
□ B. Service Locator
□ C. Composite Entity
□ D. Business Delegate
☑ E. Intercepting Filter

- The Intercepting Filter is a good choice when
you want to intercept and manipulate requests
before the normal request processing happens.


3. Your company wants to leverage its distributed silos. Your job is to
seamlessly integrate your application's web service endpoints with its DAOs.
In addition, your coarse-grained Controller Locators must be enhanced to
support J2ME, UDDI registries.

Which design pattern can be used to achieve these design requirements?

□ A. Domain Activator
□ B. Intercepting Observer
☑ C. Composite Delegate
□ D. Transfer Facade

- Given the irregularities in the requirements,
the Composite Delegate pattern will provide the
greatest refactoring flexibility.
4. This statement describes the potential benefits of a design pattern:

The pattern reduces network roundtrips between a client and an Enterprise
Bean, and gives the client a local copy of the data encapsulated by an
Enterprise Bean after a single method call, instead of requiring several method
calls. Which design pattern is being described?

(Core J2EE Patterns)

☑ A. Transfer object
□ B. Intercepting Filter
□ C. Model-View-Controller
□ D. Business Delegate

- A key benefit of a Transfer Object is the reduction of network traffic.


5. Your company, Models "R" Us, is creating an advanced inventory maximization
component that can be used with all major J2EE container vendors. Your job
is to design the piece of this component that will perform JNDI lookups with
whatever vendor the client is using.

What design pattern can help you accomplish this task?

□ A. Transfer object
□ B. Intercepting Filter
□ C. Model-View-Controller
□ D. Business Delegate
☑ E. Service Locator

- The Service Locator can be used when you
want to encapsulate vendor dependencies
concerning service lookups. Using this pattern
will help isolate the code that will be unique
from vendor to vendor.


6. While fine tuning your multi-tiered J2EE business application, you've discovered
that you'd get better performance if you reduced the number of remote
requests your app makes, and increased the amount of data collected for each
request you make.

(Core J2EE Patterns)

What design pattern should you consider to implement this change in your
application?

☑ A. Transfer object
□ B. Service Locator
□ C. Front Controller
□ D. Intercepting Filter
□ E. Model-View-Controller

- The Transfer Object can be used to aggregate multiple,
fine-grained remote calls into a single call. Often, the
reduction in network traffic more than makes up for
the overhead of populating a larger object, and an
increase in performance can be achieved.
7. Given this list of attributes:

- related to Service Locator
- reduces coupling
- can add a layer and some complexity

(Core J2EE Patterns)

Which design pattern is being described?

□ A. Transfer Object
□ B. Front Controller
☑ C. Business Delegate
□ D. Intercepting Filter
□ E. Model-View-Controller

- Although a layer is added, the benefits of this
pattern (such as reduced coupling and a simpler
business tier interface) make it worthwhile.


8. Your web application uses a SessionBean component in a distributed application to
make a specialized calculation, such as validating credit-card numbers. However, you
want to shield your web components from the code involved with looking up the
SessionBean component and using its interface. You want to decouple local application
classes from the looking up and use of the distributed component, whose interface
could change. Which J2EE design pattern can you use in this case?

(Core J2EE Patterns)

□ A. Transfer object.
□ B. Service Locator.
□ C. Model-View-Controller.
☑ D. Business Delegate.

- A key benefit of the Business Delegate
is reduced coupling between the
presentation tier and the business tier.


9. Given this list of attributes:

- related to Business Delegate
- improves network performance
- can improve client performance through caching

(Core J2EE Patterns)

Which design pattern is being described?

□ A. Transfer Object
☑ B. Service Locator
□ C. Front Controller
□ D. Intercepting Filter
□ E. Model-View-Controller

- By using this pattern you can combine
the network calls necessary to lookup and
create business objects.
Final Mock Exam

Do NOT try to take this exam until you believe you're ready for the real thing. If you
take it too soon, then when you come back to it again you'll already have some
memory of the questions, and it could give you an artificially high score. We really do
want you to pass the first time. (Unless there were some way to convince you that
you need to buy a fresh copy of this book each time you retake the exam...)

To help defeat the "I remember this question" problem, we've made this exam just a
little harder than the real exam, by not telling you how many answers are correct for
each of our questions. Our questions and answers are virtually identical to the tone,
style, difficulty, and topics of the real exam, but by not telling you how many answers
to choose, you can't automatically eliminate any of the answers. It's cruel of us, really,
and we wish we could tell you that it hurts us more than it hurts you to have to take
the exam this way. (But be grateful—until a few years ago, Sun's real Java exams
were written this way, where most questions ended with "Choose all that apply.")

Most exam candidates have said that our mock exams are a little more difficult than
the real SCWCD, but that their scores on our exam and on the real one were very
close. This mock exam is a perfect way to see if you're ready, but only if you:

1) Give yourself no more than two hours and 15 minutes to complete it, just like the
real exam.

2) Don't look anywhere else in the book while you're taking the exam!

3) Don't take it over and over again. By the fourth time, you might be getting 98%
and yet still not be able to pass the real exam, simply because you were memorizing
our exact questions and answers.

4) Wait until after you finish the exam to consume large quantities of alcohol or other
mind-altering substances...
1. A programmer has a validly configured directory structure for his Java EE web
application which is called MyWebApp. In which two directories could a file called
myTag.tag reside in order to be accessed correctly by the container? (Choose two.)

□ A. MyWebApp/WEB-INF
□ B. MyWebApp/META-INF
□ C. MyWebApp/WEB-INF/lib
□ D. MyWebApp/WEB-INF/tags
□ E. MyWebApp/WEB-INF/TLDs
□ F. MyWebApp/WEB-INF/tags/myTags


2. Which of the following are legal EL? (Choose all that apply.)

□ A. ${"1" + "2"}
□ B. ${1 plus 2}
□ C. ${1 eq 2}
□ D. ${2 div 1}
□ E. ${2 & 1}
□ F. ${"head"+"first"}
3. A TLD from a Java forum website contains this tag definition:

<tag>
  <name>avatar</name>
  <tag-class>hf.AvatarTagHandler</tag-class>
  <body-content>empty</body-content>

  <attribute>
    <name>userId</name>
    <required>true</required>
    <rtexprvalue>true</rtexprvalue>
  </attribute>

  <attribute>
    <name>size</name>
    <required>false</required>
    <rtexprvalue>false</rtexprvalue>
  </attribute>
</tag>

What is true about AvatarTagHandler, assuming it extends
SimpleTagSupport and outputs HTML that displays a user's avatar
image? (Choose all that apply.)

□ A. The class should have a size member with at least a setter method.

□ B. No size variable is needed in the code because the TLD states it
is not required.

□ C. An overridden doTag lifecycle method is needed.

□ D. An overridden doStartTag lifecycle method is needed.

□ E. The class must overload all implemented lifecycle methods with
a version that includes an extra parameter for every attribute
defined in the TLD. In this case there is only one.
4. A Servlet sets up a bean before forwarding to a JSP.

Given:

foo.User user = new foo.User();
user.setFirst(request.getParameter("firstName"));
user.setLast(request.getParameter("lastName"));
user.setStreet(request.getParameter("streetAddress"));
user.setCity(request.getParameter("city"));
user.setState(request.getParameter("state"));
user.setZipCode(request.getParameter("zipCode"));
request.setAttribute("user", user);

What snippet, if placed in a JSP, could replace the Servlet code above? (Choose all that apply.)

□ A. <jsp:useBean id="user" type="foo.User"/>

□ B. <jsp:useBean id="user" type="foo.User">
       <jsp:setProperty name="user" property="*"/>
     </jsp:useBean>

□ C. <jsp:useBean id="user" class="foo.User">
       <jsp:setProperty name="user" property="first" param="firstName"/>
       <jsp:setProperty name="user" property="last" param="lastName"/>
       <jsp:setProperty name="user" property="street" param="streetAddress"/>
       <jsp:setProperty name="user" property="city"/>
       <jsp:setProperty name="user" property="state"/>
       <jsp:setProperty name="user" property="zipCode"/>
     </jsp:useBean>

□ D. <jsp:useBean id="user" class="foo.User">
       <jsp:setProperty name="user" property="*"/>
       <jsp:setProperty name="user" property="first" param="firstName"/>
       <jsp:setProperty name="user" property="last" param="lastName"/>
       <jsp:setProperty name="user" property="street" param="streetAddress"/>
     </jsp:useBean>
5. When comparing the benefits, limitations, and uses of a business delegate object
and a service locator object, which are true? (Choose all that apply.)

□ A. They are equally likely to make network calls.

□ B. They are equally likely to invoke methods in a transfer object.

□ C. They are equally likely to be invoked directly from a controller object.

□ D. The service locator will typically be considered a server to the business
delegate.

□ E. When both are implemented with a cache, data staleness is a bigger
issue for the business delegate.


6. When creating session listeners which are true? (Choose all that apply.)

□ A. They are all declared in the DD.

□ B. Not all of them must be declared in the DD.

□ C. The DD tag used to declare them is <listener>.

□ D. The DD tag used to declare them is <session-listener>.

□ E. The DD tag used to declare them is placed within the <web-app> tag.

□ F. The DD tag used to declare them is placed within the <servlet> tag.


7. Some users have complained that strange things are happening when they have
two browser windows open on a single machine and both windows access the
application at the same time. You want to test various browsers to see if a session
would be shared across multiple windows. You decide to do this by outputting
the JSESSIONID in a JSP. How could you accomplish this, assuming you have
cookies enabled on your test browsers? (Choose all that apply.)

□ A. ${cookie.JSESSIONID}
□ B. ${cookie.JSESSIONID.value}
□ C. ${cookie["JSESSIONID"]["value"]}
□ D. ${cookie.JSESSIONID["value"]}
□ E. ${cookie["JSESSIONID"].value}
□ F. ${cookieValues[0].value}
8. Which implicit object can access the attributes from the ServletContext?

□ A. server
□ B. context
□ C. request
□ D. application
□ E. servletContext


9. Which methods exist in HttpServlet? (Choose all that apply.)

□ A. doGet
□ B. doTrace
□ C. doError
□ D. doConnect
□ E. doOptions


10. You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.

Which are true? (Choose all that apply.)

□ A. You can make transmitted data confidential only after your application has
verified the user's password.

□ B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.

□ C. No matter what type of Java EE authentication mechanism you use, it will only
be activated when an otherwise constrained resource is requested.

□ D. All of the Java EE guaranteed types of authentication provide strong data
security without the need to implement supporting security features.
11. Given these fragments from within a single tag in a Java EE DD:

343. <web-resource-collection>
344.   <web-resource-name>Recipes</web-resource-name>
345.   <url-pattern>/Beer/Update/*</url-pattern>
346.   <http-method>POST</http-method>
347. </web-resource-collection>

367. <auth-constraint>
368.   <role-name>Member</role-name>
369. </auth-constraint>

385. <user-data-constraint>
386.   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
387. </user-data-constraint>

Which are true? (Choose all that apply.)

□ A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist.

□ B. It is valid for more instances of <auth-constraint> to exist within the single tag
described above.

□ C. It is valid for more instances of <user-data-constraint>
to exist within the single tag described above.

□ D. It is valid for more instances of <url-pattern> to exist within the
<web-resource-collection> tag described above.

□ E. It is valid for other tags of the same type as the single encasing tag described above to
have the same <url-pattern> as the tag above.

□ F. This tag implies that authorization, authentication, and data integrity security features
are all declared for the web application.
12. You are creating a JSP Document that generates a dynamic SVG image which
is represented by an XML document structure. The JSP must declare the
HTTP response header 'Content-Type' as 'image/svg+xml' so that
the web browser will render the response as an SVG image.

Which JSP code snippet declares that this JSP Document is an SVG response?

□ A. <%@ page contentType='image/svg+xml' %>
□ B. <jsp:page contentType='image/svg+xml' />
□ C. <jsp:directive.page contentType='image/svg+xml' />
□ D. <jsp:page.contentType>image/svg+xml</jsp:page.contentType>


13. Given in a JSP page, the line:

<%-- out.print("Hello World"); --%>

What is the HTML output?

□ A. Hello World
□ B. out.print("Hello World");
□ C. <!-- Hello World -->
□ D. No output is generated by this line.


14. Which statements about HTTP session support are true? (Choose all that
apply.)

□ A. Java EE containers must support HTTP cookies.

□ B. Java EE containers must support URL rewriting.

□ C. Java EE containers must support the Secure Sockets Layer.

□ D. Java EE containers must support HTTP sessions, even for clients that
do not support cookies.

□ E. Java EE containers must recognize the HTTP termination signal that is
issued to indicate that a client session is no longer active.
Your company has purchased a license for a third party JavaScript
library for constructing menus. Your team has run into countless errors
by mistakenly misusing the library and the users are insisting that
certain menu items should only be visible to users with the authorized
security role. A custom tag library using Simple tag handlers could shield
developers from making syntactical JavaScript errors and provide the
security features the users desire.

After a design meeting, your team lead documented that she would like
the menu to look like the following:

<menu:main>
  <menu:headItem text="My Account" url="/myAccount.do"/>
  <menu:headItem text="Transactions">
    <menu:subitem text="Incoming" url="/incomingTx.do"/>
    <menu:subitem text="Outgoing" url="/outgoingTx.do"/>
    <menu:subitem text="Pending" url="/pendingTx.do"
                  requireRole="accountant"/>
  </menu:headItem>
  <menu:headItem text="Admin" url="/admin.do"
                 requireRole="admin"/>
</menu:main>

You wish to put the full responsibility of generating output on the
outer <menu:main> tag handler, assuming that centralizing the display
logic will be easier to maintain. The outer tag handler will need access to
its descendent tags to accomplish this. Which of the following options
provides the best approach?

□ A. Every inner tag should register itself directly to its immediate parent.
     The immediate parent can store its children in an ordered collection.

□ B. Every inner tag should register itself directly to the outer tag handler,
     and the outer tag handler can store them all in a single HashSet.


1 I I •kl«t*o f "I I nu. I ...\imrv >••# isc.a olow tlio osnftvi 

>mm ka. V- Him* ut^.s, tmijiii iii|^iMi|'|Mi| t |«i<o nn .1 im III* Mltrun 

findDescendentWithClass() and getChildren() which give
the main outer tag full access to its children without any extra
coding necessary.

□ D. Have each inner tag save itself as a page scoped attribute with its text
     value as the attribute key.
Which JSP life-cycle phase can cause an HTTP 500 status code to be returned on
a request to a JSP page? (Choose all that apply.)

□ A. JSP page compilation
□ B. Execution of the service method
□ C. Execution of the destroy method
□ D. Execution of the initialization method



Given that session is a reference to a valid HttpSession and "myAttr" is
the name of an object bound to session, which can be used to unbind object(s)
from a session? (Choose all that apply.)

□ A. session.unbind();
□ B. session.invalidate();
□ C. session.unbind("myAttr");
□ D. session.remove("myAttr");
□ E. session.invalidate("myAttr");
□ F. session.removeAttribute("myAttr");
□ G. session.unbindAttribute("myAttr");



If req is a reference to an HttpServletRequest and there is no current
session, what is true about req.getSession()? (Choose all that apply.)

□ A. Invoking req.getSession() will return null.
□ B. Invoking req.getSession(true) will return null.
□ C. Invoking req.getSession(false) will return null.
□ D. Invoking req.getSession() will return a new session.
□ E. Invoking req.getSession(true) will return a new session.
□ F. Invoking req.getSession(false) will return a new session.
A Classic tag handler exists in legacy code. The author wrote a handler that
evaluates its tag body a hundred times, to be used in testing other tags that
produce random content.

Given:

06. public class HundredTimesTag extends TagSupport {
07.   private int iterationCount;
08.   public int doTag() throws JspException {
09.     iterationCount = 0;
10.     return EVAL_BODY_INCLUDE;
11.   }
12.
13.   public int doAfterBody() throws JspException {
14.     if(iterationCount < 100){
15.       iterationCount++;
16.       return EVAL_BODY_AGAIN;
17.     }else{
18.       return SKIP_BODY;
19.     }
20.   }
21. }

What is incorrect about the code?

□ A. Tag handlers are not thread safe, so the iterationCount can become
     out of sync if multiple users are reaching the page at the same time.

□ B. The doAfterBody method is never being called because it is not part
     of the tag handler lifecycle. The developer should have extended the
     IterationTagSupport class to include this method in the lifecycle.

□ C. The doTag method should be doStartTag. As written, the default
     doStartTag of TagSupport is called which simply returns SKIP_BODY,
     causing doAfterBody to never be called.

□ D. When doAfterBody returns EVAL_BODY_AGAIN the doTag method is
     called again. The doTag method resets iterationCount to 0, resulting
     in an infinite loop and a java.lang.OutOfMemoryError is thrown.
Given this fragment from a web application's DD:

72. <session-config>
73.   <session-timeout>10</session-timeout>
74. </session-config>

And given that session is a reference to a valid HttpSession, and this
fragment from a servlet:

30. session.setMaxInactiveInterval(120);

After line 30 executes, which are true? (Choose all that apply.)

□ A. The DD fragment is not valid.
□ B. The invocation of setMaxInactiveInterval will modify the value in
     the <session-timeout> tag.
□ C. It is impossible to determine the session timeout limits given the above.
□ D. If the container receives no client requests for this session in 2 hours, the
     container will invalidate the session.
□ E. If the container receives no client requests for this session in 2 minutes,
     the container will invalidate the session.
□ F. If the container receives no client requests for this session in 10 seconds,
     the container will invalidate the session.
□ G. If the container receives no client requests for this session in 10 minutes,
     the container will invalidate the session.


21 


You have created a valid directory structure and a valid WAR file for your Java EE
web application. Given that:

- ValidApp.war is the name of the WAR file.
- WARdir represents the directory that must exist in every WAR file.
- APPdir represents the directory that must exist in every web application.

Which is true?

□ A. The actual name of WARdir is NOT predictable.
□ B. The name of your application is NOT predictable.
□ C. In this directory structure, APPdir will exist inside WARdir.
□ D. In this directory structure, the application's deployment descriptor will
     reside in the same directory as WARdir.
□ E. Placing your application in a WAR file provides the option for the
     container to perform additional runtime checks not otherwise guaranteed.
When comparing HTTP GET to HTTP POST, what is true? (Choose all that apply.)

□ A. Only HTTP GET is idempotent.
□ B. Both require an explicit declaration in HTML form tags.
□ C. Only HTTP POST can support multiple parameters in a single request.
□ D. Both support single parameter requests that send multiple values.
□ E. Only HTTP POST requests should be handled by overriding a servlet's
     service() method.


Given this code in a servlet:

82. String s = getServletConfig().getInitParameter("myThing");

Which DD fragment will assign to s the value "myStuff"?

□ A. <init-param>
       <param>myThing</param>
       <value>myStuff</value>
     </init-param>

□ B. <init-param>
       <name>myThing</name>
       <value>myStuff</value>
     </init-param>

□ C. <init-param>
       <param-name>myThing</param-name>
       <param-value>myStuff</param-value>
     </init-param>

□ D. <servlet-param>
       <name>myThing</name>
       <value>myStuff</value>
     </servlet-param>

□ E. <servlet-param>
       <param-name>myThing</param-name>
       <param-value>myStuff</param-value>
     </servlet-param>
Given that a String is stored as an attribute named accountNumber of some scope,
which scriptlet(s) will output the attribute?

□ A. <%= pageContext.findAttribute("accountNumber") %>

□ B. <%= out.print("${accountNumber}") %>

□ C. <% Object accNum = pageContext.getAttribute("accountNumber");
        if(accNum = null){
          accNum = request.getAttribute("accountNumber");
        }
        if(accNum = null){
          accNum = session.getAttribute("accountNumber");
        }
        if(accNum = null){
          accNum = servletContext.getAttribute("accountNumber");
        }
        out.print(accNum);
     %>

□ D. <% requestDispatcher.include("accountNumber"); %>



You have inherited a legacy JSP web application with lots of scripting
code. Your manager has demanded that every JSP be refactored to remove
scripting code. He wants you to guarantee that no scriptlet code exists in
your JSP code base and to have the web container enforce a "no scripting"
policy.

Which web.xml configuration element will accomplish this goal?

□ A. <jsp-property-group>
       <url-pattern> *.jsp </url-pattern>
       <permit-scripting> false </permit-scripting>
     </jsp-property-group>

□ B. <jsp-config>
       <url-pattern> *.jsp </url-pattern>
       <permit-scripting> false </permit-scripting>
     </jsp-config>

□ C. <jsp-property-group>
       <url-pattern> *.jsp </url-pattern>
       <scripting-invalid> true </scripting-invalid>
     </jsp-property-group>

□ D. <jsp-config>
       <url-pattern> *.jsp </url-pattern>
       <scripting-invalid> true </scripting-invalid>
     </jsp-config>
Given:

01. <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
02.
03. <%
04.   java.util.List books = new java.util.ArrayList();
05.   // add line here
06.   request.setAttribute("myFavoriteBooks", books);
07. %>
08.
09. <c:choose>
10.   <c:when test="${not empty myFavoriteBooks}">
11.     My favorite books are:
12.     <c:forEach var="book" items="${myFavoriteBooks}">
13.       <br/> * ${book}
14.     </c:forEach>
15.   </c:when>
16.   <c:otherwise>
17.     I have not selected any favorite books.
18.   </c:otherwise>
19. </c:choose>

Which of the following lines of code, if inserted independently at Line 5, will cause the text
within the c:otherwise tag to display? (Choose all that apply.)

□ A. books.add("");
□ B. books.add(null);
□ C. books.clear();
□ D. books.add("Head First");
□ E. books = null;
You are working on an application that manages a business listing directory.
Given:

29. <c:forEach var="phoneNumber" items='${company.contactInfo.phoneNumbers}'>
30.   <c:if test='${verify:isTollFree(phoneNumber)}'>
31.     <img src="/images/TollFree.gif"/>
32.   </c:if>
33.   ${phoneNumber}<br/>
34. </c:forEach>

The above snippet adds a special icon in front of phone numbers that are
toll free. Which statement about the EL function from this code snippet is
guaranteed to be true?

□ A. The EL function must be declared public and static.
□ B. The EL function must not return any value and be declared void.
□ C. The <uri> value in the EL function's TLD must be Verify.
□ D. The name of the class that implements the EL function must be
     named Verify.
□ E. If phoneNumber is a String, the <function-signature> value
     in the TLD should be isTollFree(String).
Which are methods of HttpServletRequest that retrieve the body of the
request? (Choose all that apply.)

□ A. getReader()
□ B. getStream()
□ C. getInputReader()
□ D. getInputStream()
□ E. getServletReader()
□ F. getServletStream()
Given a Java EE web application in which the following browser request:

http://www.wickedlysmart.com/MyApp/myDir/DoSomething

will be handled by a servlet in the application, which three are true?
(Choose three.)

□ A. The deployment descriptor must include instructions to handle
     the request as specified.
□ B. The request can be handled as specified with no related instructions in the
     deployment descriptor.
□ C. The servlet that handles this request must be named DoSomething.class.
□ D. The servlet name is not predictable based on the information provided.
□ E. The application must contain a directory named myDir.
□ F. The name of the directory in which the servlet resides is not predictable
     based on the information provided.


Your web application has a valid deployment descriptor in which student and
sensei are the only security roles that have been defined. The deployment
descriptor contains two security constraints that declare the same resource to
be constrained. The first security constraint contains:

234. <auth-constraint>
235.   <role-name>student</role-name>
236. </auth-constraint>

And the second security constraint contains:

251. <auth-constraint/>

Which are true? (Choose all that apply.)

□ A. As the deployment descriptor stands now, the constrained resource can
     be accessed by both roles.
□ B. As the deployment descriptor stands now, the constrained resource can
     be accessed only by sensei users.
□ C. As the deployment descriptor stands now, the constrained resource can
     be accessed only by student users.
□ D. If the second <auth-constraint> tag is removed, the constrained
     resource can be accessed by both roles.
□ E. If the second <auth-constraint> tag is removed, the constrained
     resource can be accessed only by sensei users.
□ F. If the second <auth-constraint> tag is removed, the constrained
     resource can be accessed only by student users.
Which of the following custom tags is guaranteed to fail? (Choose all that apply.)

□ A. <mine:border>
       <mine:photos album="${albumSelected}">
     </mine:border>
     </mine:photos>

□ B. <mine:border>
       <mine:photos album="${albumSelected}"/>
     </mine:border>

□ C. <mine:border>
       ${albumSelected.title}
       <mine:photos>${albumSelected}</mine:photos>
     </mine:border>

□ D. <mine:photos includeBorder="${userPreference.border}"
                  album="${albumSelected}" />



Your n-tier web application uses the Java EE patterns that are most typically used
when such an application wants to access remote registries. Which are benefits of
these patterns? (Choose all that apply.)

□ A. Increased cohesion
□ B. Better performance
□ C. Better maintainability
□ D. Reduced network traffic
□ E. More interactive browser capabilities
What is generally true about the lifecycle of a servlet? (Choose all that apply.)

□ A. You should NOT write a constructor for a servlet.
□ B. You should NOT override a servlet's init() method.
□ C. You should NOT override a servlet's doGet() method.
□ D. You should NOT override a servlet's doPost() method.
□ E. You should NOT override a servlet's service() method.
□ F. You should NOT override a servlet's destroy() method.
Given this portion of a Java EE .war file's directory structure:

MyApp
|-- META-INF
|   |-- MANIFEST.MF
|   |-- web.xml
|
|-- WEB-INF
|   |-- index.html
|   |-- TLDs
|   |-- Header.tag

What change(s) are necessary to make this structure valid and the resources
accessible? (Choose all that apply.)

□ A. No changes are necessary.
□ B. The web.xml file must be moved.
□ C. The index.html file must be moved.
□ D. The Header.tag file must be moved.
□ E. The MANIFEST.MF file must be moved.
□ F. The WEB-INF directory must be moved.
□ G. The META-INF directory must be moved.


You are considering implementing some variety of MVC in your Java EE n-tier
application. Which are true? (Choose all that apply.)


LI A. This design will often sene business delegate objects. 

□ B. It often reduces network traffic by caching remotely located data.

□ C. This design goal simplifies communications with heterogeneous resource
     registries.

□ D. Even though MVC solutions have many benefits, they often increase
     design complexity.

□ E. Both the front controller pattern and Struts could be considered solutions
     for this design goal.

□ F. This design will provide you with the capability to easily recombine
     request and response handlers.
Given in a JSP page, the line:

<% List myList = new ArrayList(); %>

Which JSP code snippets can you use to import these data types? (Choose two.)

□ A. <%! import java.util.*; %>

□ B. <%@ import java.util.List java.util.ArrayList %>

□ C. <%@ page import='java.util.List,java.util.ArrayList' %>

G 1) <%• import java.util.List; import java.util.ArrayList; 

□ E. <%@ page import='java.util.List' %> <%@ page
     import='java.util.ArrayList' %>



You are tasked with adding several security features to your company's Java EE
web application. Specifically, you need to create several classes of users and based
on a user's class, you need to restrict them to use only some of the application's
pages. In order to restrict access, you must determine that users are who they say
they are.

Which are true? (Choose all that apply.)

□ A. If you need to verify that users are who they say they are, you must use
     the application's deployment descriptor to implement that requirement.

□ B. Java EE's authorization capabilities should be used to determine that
     users are who they say they are.

□ C. In order to help you determine that users are who they say they are, you
     can use the deployment descriptor's <login-config> tags.

□ D. In order to help you determine that users are who they say they are, you
     can use the deployment descriptor's <user-data-constraint> tags.

□ E. Depending on the approach you use, determining that users are who they
     say they are might require including a "realm".





appendix: final mock exam 


ValidApp is a Java EE application with a valid directory structure. ValidApp
contains .gif image files in three locations within the directory structure:

- ValidApp/imageDir/
- ValidApp/META-INF/
- ValidApp/WEB-INF/

In which of these locations can clients directly access these .gif files?

□ A. Only in ValidApp/META-INF/
□ B. Only in ValidApp/imageDir/
□ C. All of the above locations
□ D. Only in ValidApp/imageDir/ and ValidApp/WEB-INF/
□ E. Only in ValidApp/imageDir/ and ValidApp/META-INF/


Given req is a reference to a valid HttpServletRequest, and:

13. String[] s = req.getCookies();
14. Cookie[] c = req.getCookies();
15. req.setAttribute("myAttr1", "42");
16. req.setAttribute("myAttr2", 42);
17. String[] s2 = req.getAttributeNames();
18. String[] s3 = req.getParameterValues("attr");

Which lines of code will not compile? (Choose all that apply.)

□ A. line 13
□ B. line 14
□ C. line 15
□ D. line 16
□ E. line 17
□ F. line 18
A Tag File named Products.tag displays a list of products.

Given this snippet from the Tag File:

1. <%@ attribute name="header" required="false" rtexprvalue="false" %>
2. <%@ attribute name="products" required="true" rtexprvalue="true" %>
3. <%@ tag body-content="tagdependent" %>

Which of the following are legal usages of the Tag File? (Choose all that apply.)

□ A. <display:Products header="Shopping Cart" products="${shoppingCart}"/>

□ B. <display:Products header="Wish List" products="${wishList}" body-
     content="${body}"/>

□ C. <display:Products header="Similar Products" products="${similarProducts}">
       Customers who bought this item also bought:
     </display:Products>

□ D. <display:Products header='<%= request.getParameter("listType") %>' />
You are taking part in an initiative to remove scriptlets from the JSPs of a legacy
web application for a major bank. You come across the following lines of code:

<% if(((com.yourcompany.Account)request.
        getAttribute("account")).
        isPersonalChecking()) { %>
  Checking that fits your lifestyle.
<% } %>

How can you replace this using JSTL? (Choose all that apply.)

□ A. <c:if test='${account.personalChecking}'>Checking
     that fits your lifestyle.</c:if>

□ B. <c:if test='${account["personalChecking"]}'>Checking
     that fits your lifestyle.</c:if>

□ C. <c:if test="${account['personalChecking']}">Checking
     that fits your lifestyle.</c:if>

□ D. <c:if test='${account.isPersonalChecking}'>Checking
     that fits your lifestyle.</c:if>
Given the following event types:

- HttpSessionEvent
- HttpSessionBindingEvent
- HttpSessionAttributeEvent

Match the event types above to their respective listener interfaces. (Note: you can
match an event type to more than one Listener.)

HttpSessionAttributeListener
HttpSessionListener
HttpSessionActivationListener
HttpSessionBindingListener



What's true about the lifecycle of a servlet? (Choose all that apply.)

□ A. The service() method is the first method invoked by the container
     when a new request is received.

□ B. The service() method is invoked by either doPost() or doGet()
     after they've completed a request.

□ C. Each time that doPost() is invoked, it runs in its own thread.

□ D. The destroy() method is invoked after every invocation of doGet()
     completes.

□ E. The container issues a separate thread for each client request.
When might a JSP get translated? (Choose all that apply.)

□ A. When the developer compiles code in the src folder
□ B. When the application is started
□ C. The first time a user requests the JSP
□ D. After jspDestroy() is called, it gets retranslated
Given this fragment from a valid doGet() method:

12. OutputStream os = response.getOutputStream();
13. byte[] ba = {1,2,3};
14. os.write(ba);
15. RequestDispatcher rd = request.RequestDispatcher("my.jsp")
16. rd.forward(request, response);

Assuming that "my.jsp" adds the bytes 4, 5, and 6 to the response, what is the result?

□ A. 123
□ B. 456
□ C. 123456
□ D. 456123
□ E. An exception is thrown



A programmer needs to update a live, running servlet's initialization parameters
so that the web application will begin to use the new parameters immediately.

In order to accomplish this, which must be true (although not necessarily
sufficient)? (Choose all that apply.)

□ A. For each parameter, you must modify a DD tag that specifies the name
     of the servlet, the name of the parameter, and the new value of the
     parameter.

□ B. The servlet's constructor must retrieve the updated DD parameter from
     the servlet's ServletConfig object.

□ C. The container must destroy and then reinitialize the servlet.

□ D. For each parameter, the DD must have a separate
     <init-param> tag.



Which types can be used in conjunction with HttpServletResponse methods
to stream output data? (Choose all that apply.)

□ A. java.io.PrintStream
□ B. java.io.PrintWriter
□ C. java.io.OutputStream
□ D. java.io.FileOutputStream
□ E. java.io.ServletOutputStream
□ F. java.io.ByteArrayOutputStream
Your web application has a valid dd with a single <security-constraint>
tag. Within this tag exists:

- a single url pattern that declares directory1
- a single http method that declares POST
- a single role name that declares GUEST

If all of the resources for your application exist within directory1 and
directory2, and MEMBER is also a valid role, which are true? (Choose all
that apply.)

□ A. GUESTs cannot do GET requests in directory1.
□ B. GUESTs can do GET requests in both directories.

Q (.'. GUESTs can do POST requests only in directory^. 
□ D. MEMBERs can do GET requests in both directories.

□ E. GUESTs can do POST requests in both directories.

□ F. MEMBERs can do only POST requests in directory1.


Given:

1. <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
2. <%@ taglib prefix="tables" uri="http://www.javaranch.com/tables" %>
3. <%@ taglib prefix="jsp" tagdir="/WEB-INF/tags" %>
4. <%@ taglib uri="UtilityFunctions" prefix="util" %>

What about the above taglib directives would cause the JSP to not function?

□ A. Line 4 is wrong because the prefix attribute must come before the
     uri attribute.

□ B. Line 3 is wrong because there is no uri attribute.

□ C. Line 4 is wrong because the uri value must begin with http://

□ D. Line 3 is wrong because the prefix jsp is reserved for standard actions.
Given that resp is a reference to a valid HttpServletResponse object that
contains, among others, the following headers:

Content-Type: text/html
MyHeader: mydata

And the following invocations:

25. resp.addHeader("MyHeader", "mydata2");
26. resp.setHeader("MyHeader", "mydata3");
27. resp.addHeader("MyHeader", "mydata");

What data will exist for the MyHeader header?

□ A. mydata
□ B. mydata3
□ C. mydata3, mydata
□ D. mydata3, mydata2
□ E. mydata,mydata2,mydata3
□ F. mydata,mydata2,mydata3,mydata
Given the following portion of a web.xml from a legacy application:

<jsp-config>
  <taglib>
    <taglib-uri>prettyTables</taglib-uri>
    <taglib-location>/WEB-INF/tlds/prettyTables.tld</taglib-location>
  </taglib>
</jsp-config>

Assuming the server running your code now supports Java 1.4 EE or greater, what could you
do to remove the above <jsp-config> tag and still have your code work?

□ A. Change the taglib directive's uri attribute in your JSPs to use
     and the container will automatically map it.

□ B. Place <uri>prettyTables</uri> in your TLD file.

□ C. Remove the taglib directives that used this mapping in your
     JSPs. The container will handle it automatically.

□ D. This is impossible. The <jsp-config> entry here must be
     present for the container to map the TLD to the uri referenced
     in your JSPs.
For a page that lists shopping cart items, the message "Your shopping cart is
empty." must display when the cart is empty. Which of the following code
snippets could satisfy this functionality assuming the scoped attribute cart is a List
of products? (Choose all that apply.)

□ A. <c:if test='${empty cart}'>
       Your shopping cart is empty.
     </c:if>
     <c:forEach var="itemInCart" items="${cart}">
       <shop:displayItem item="${itemInCart}"/>
     </c:forEach>

□ B. <c:forEach var="itemInCart" items="${cart}">
       <c:choose>
         <c:when test='${empty itemInCart}'>
           Your shopping cart is empty.
         </c:when>
         <c:otherwise>
           <shop:displayItem item="${itemInCart}"/>
         </c:otherwise>
       </c:choose>
     </c:forEach>

□ C. <c:choose>
       <c:when test='${empty cart}'>
         Your shopping cart is empty.
       </c:when>
       <c:when test='${not empty cart}'>
         <c:forEach var="itemInCart" items="${cart}">
           <shop:displayItem item="${itemInCart}"/>
         </c:forEach>
       </c:when>
     </c:choose>

□ D. <c:choose>
       <c:when test='${empty cart}'>
         Your shopping cart is empty.
       </c:when>
       <c:otherwise>
         <c:forEach var="itemInCart" items="${cart}">
           <shop:displayItem item="${itemInCart}"/>
         </c:forEach>
       </c:otherwise>
     </c:choose>
Given the following code from a servlet, and given that myVar is a reference to either
an HttpSession or a ServletContext:

15. myVar.setAttribute("myName", "myVal");
16. String s = (String) myVar.getAttribute("myName");
17. // more code

After line 16 executes, which are true? (Choose all that apply.)

□ A. The value of s cannot be guaranteed.
□ B. If myVar is an HttpSession, compilation will fail.
□ C. If myVar is a ServletContext, compilation will fail.
□ D. If myVar is an HttpSession, s is guaranteed to have the value "myVal".
□ E. If myVar is a ServletContext, s is guaranteed to have the value "myVal".



Given a portion of a Java EE web application's deployment descriptor:

62. <error-page>
63.   <exception-type>IOException</exception-type>
64.   <location>/mainError.jsp</location>
65. </error-page>
66. <error-page>
67.   <error-code>404</error-code>
68.   <location>/notFound.jsp</location>
69. </error-page>

What is true?

□ A. The deployment descriptor is not valid.
□ B. If the application throws an IOException, nothing will be served.
□ C. If the application throws an IOException, notFound.jsp will be served.
□ D. If the application throws an IOException, mainError.jsp will be served.
Given the following JSP:

1. <%! String GREETING = "Welcome to my page"; %>
2. <% request.setAttribute("greeting", GREETING); %>
3. Greeting: ${greeting}
4. Again: <%= request.getAttribute("greeting") %>

An attempt is made to convert the above JSP to a JSP Document:

01. <jsp:declaration>
02.   String TITLE = "Welcome to my page";
03. </jsp:declaration>
04. <jsp:scriptlet>
05.   request.setAttribute("greeting", GREETING);
06. </jsp:scriptlet>
07. Greeting: ${greeting}
08. Again: <jsp:expression>
09.   request.getAttribute("greeting");
10. </jsp:expression>

What is wrong with the new JSP Document? (Choose all that apply.)

□ A. No <jsp:root> was declared.
□ B. The template text should be wrapped in a <jsp:text> tag.
□ C. EL expressions are not allowed in JSP Documents.
□ D. The <jsp:expression> contents should not have a semicolon.



Which of the following is LEAST likely to make or receive network calls?

□ A. JNDI server
□ B. transfer object
□ C. service locator
□ D. front controller
□ E. intercepting filter
Given:

10. ${questionNumber}: ${question}
11. <c:forEach var="answer" items="${answers}">

16. </c:forEach>

The question attribute is a String that may contain XML tags that must be
displayed in the browser as regular text. With the above snippet, the browser
is not displaying the XML tags. What can be changed to fix this? (Choose
all that apply.)

□ A. Replace ${question} with <c:out value="${question}"/>
□ B. Replace ${question} with <c:out>${question}</c:out>
□ C. Replace ${question} with <c:out escapeXml="true" value="${question}"/>
□ D. Replace ${question} with <%= ${question} %>



Your Java EE web application is gaining in popularity and you decide to add a
second server to support the volume of client requests. Which are true about the
migration of a session from one server to the other? (Choose all that apply.)

□ A. Such migrations are not possible within a session.

□ B. When a session is migrated, its HttpSession goes with it.

□ C. When a session is migrated, its ServletContext goes with it.

□ D. When a session is migrated, its HttpServletRequest goes with it.

□ E. If an object is added using HttpSession.setAttribute, the object
     must be Serializable in order to be migrated from one server to the
     other.

□ F. If an object is added using HttpSession.setAttribute, and the
     object's class has implemented Serializable.readObject and
     Serializable.writeObject, and the session is migrated, the
     container will invoke these readObject and writeObject methods.

□ G. If a session attribute implements HttpSessionActivationListener,
     the container's only requirement is to notify listeners once the session has
     been activated on the new server.
A Java EE deployment descriptor declares several filters whose URLs match a
given request, and also declares several filters whose <servlet-name> tags
match the same request.

What statements are true about the rules that the container uses to invoke the
filter(s) for that request? (Choose all that apply.)

□ A. Only the <servlet-name> matched filters will be invoked.

□ B. Of the URL matched filters, only the first will be invoked.

□ C. Of the <servlet-name> matched filters, only the first will be invoked.

□ D. The <servlet-name> matched filters will be invoked before the URL
     matched filters.

□ E. All of the URL matched filters will be invoked, but the order of
     invocation is undefined.

□ F. All of the URL matched filters will be invoked, in the order in which they
     appear in the DD.


When comparing servlet initialization parameters to context initialization parameters,
which are true for both? (Choose all that apply.)

□ A. In their respective DD tags, they both have a <param-name> and a
     <param-value> tag.

□ B. Their respective DD tags are both placed directly under the <web-app> tag.

□ C. Their respective methods used to retrieve initialization parameter values are
     both called getInitParameter.

□ D. Both can be directly accessed from a JSP.

□ E. Only changes to context initialization parameters in the DD can be accessed
     without redeploying the web application.


A JSP developer wants to include the contents of the file copyright.jsp
into all primary JSP pages.

Which mechanisms can do this? (Choose all that apply.)

□ A. <jsp:directive.include file="copyright.jsp" />
□ B. <%@ include file="copyright.jsp" %>
□ C. <%@ page include="copyright.jsp" %>
□ D. <jsp:include page="copyright.jsp" />
□ E. <jsp:insert file="copyright.jsp" />

You are developing an application to manage customer accounts for a company that offers
phone, cable, and Internet services. Many of the pages contain a search functionality. The
search box should look the same on every page, but some of the pages should limit the
search to only phone, cable, or Internet accounts.

Given a separate JSP named Search.jsp:

<form action="/search.go">
    Find ${param.accountType} Account:
    <input type="text" name="searchText"/>
    <input type="hidden" name="accountType" value="${param.accountType}"/>
    <input type="submit" value="Search"/>
</form>

What tag should you use in a JSP that needs to search for cable accounts?

□ A. <jsp:include page="Search.jsp" accountType="Cable"/>

□ B. <jsp:include page="Search.jsp">
         <jsp:param name="accountType" value="Cable"/>
     </jsp:include>

□ C. <jsp:include file="Search.jsp" accountType="Cable"/>

□ D. <jsp:include file="Search.jsp">
         <jsp:attribute name="accountType" value="Cable"/>
     </jsp:include>


63. While testing how various tags and scriptlets work, a developer creates the
following JSP:

<% request.setAttribute("name", "World"); %>
<!-- Test -->
<c:out value='Hello, ${name}'/>

Much to the developer's surprise, the browser doesn't display anything at all when
her JSP is retrieved. If the developer views the HTML source of the page, what
will she find in the output?

□ A. <!-- Test -->

□ B. <!-- Test -->
     <c:out value='Hello, ${name}'/>

□ C. <!-- Test -->
     <c:out value='Hello, World'/>

□ D. No output

64. A dating services application asks its single users a series of questions. A session scoped
attribute called compatibilityProfile of type HashMap already exists, into which each
submitted question ID and answer pair are stored.

Given:

<% ((java.util.HashMap)request.getSession().getAttribute("compatibilityProfile")).put(
       request.getParameter("questionIdSubmitted"),
       request.getParameter("answerSubmitted"));
%>

How can this be replaced without using scriptlets? (Choose all that apply.)

□ A. <c:map target="${compatibilityProfile}"
            key="${param.questionIdSubmitted}"
            value="${param.answerSubmitted}"/>

□ B. <jsp:useBean id="compatibilityProfile" class="java.util.HashMap"
                  scope="session">
         <jsp:setProperty name="compatibilityProfile"
                          property="${param.questionIdSubmitted}"
                          value="${param.answerSubmitted}"/>
     </jsp:useBean>

□ C. ${compatibilityProfile[param.questionIdSubmitted] =
       param.answerSubmitted}

□ D. <c:set target="${compatibilityProfile}"
            property="${param.questionIdSubmitted}"
            value="${param.answerSubmitted}"/>

A programmer is creating a filter for a Java EE web application. Given the following code:

public class MyFilter implements Filter {
    public void init(FilterConfig config) throws FilterException { }

    public void doFilter(HttpServletRequest request,
                         HttpServletResponse response,
                         FilterChain chain)
        throws IOException, ServletException { }

}

What change(s) are necessary to create a valid filter? (Choose all that apply.)

□ A. No changes are necessary.

□ B. A destroy() method must be added.

□ C. The doFilter() method's body must be changed.

□ D. The init() method's signature must be changed.

□ E. The doFilter() method's arguments must be changed.

□ F. The doFilter() method's exceptions must be changed.

Your company wants to include a splash page, SplashAd.jsp, to advertise other company
offerings to users as they first enter the site. On this new page users will be given the option to
click a checkbox on the ad page that says "Do not show me this offer again" and click a submit
button that says "Continue to My Account". If the user submits this form with the checkbox
checked, the receiving Servlet sets a Cookie with the name of "skipSplashAd" to the user's
browser and then passes control back to the main JSP.

The main JSP will be responsible for forwarding the request to the splash page. What snippet
can be added to the top of the main page to send the user to the splash page if they have not yet
selected the checkbox to avoid the ad offer?

A programmer wants to implement a ServletContextListener. Given the following DD
fragment:

<!-- insert tag1 here -->
    <param-name>myParam</param-name>
    <param-value>myValue</param-value>
<!-- close tag1 here -->
<listener>
    <!-- insert tag2 here -->
    com.wickedlysmart.MySCListener
    <!-- close tag2 here -->
</listener>

And this listener class pseudocode:

// packages and imports here
public class MySCListener implements ServletContextListener {
    // method 1 here
    // shutdown related method here
}

Which are true? (Choose all that apply.)

□ A. The DD fragment cannot be valid

□ B. tag1 should be <context-param>

□ C. tag1 should be <servlet-param>

□ D. tag2 should be <listener-class>

□ E. tag2 should be <servlet-context-class>

□ F. method 1 should be initializeListener

□ G. method 1 should be contextInitialized

The wickedly smart website has a validly deployed Java EE web application and
Deployment descriptor that contains the following:

<welcome-file-list>
    <welcome-file>welcome.html</welcome-file>
    <welcome-file>howdy.html</welcome-file>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

A portion of the web app's directory structure looks like this:

MyWebApp
 |
 |-- index.html
 |
 |-- welcome
 |    |-- welcome.html
 |
 |-- foobar
      |-- howdy.html

If the application receives the following two requests:

http://www.wickedlysmart.com/MyWebApp/foobar
http://www.wickedlysmart.com/MyWebApp

Which set of responses will be served?

□ A. howdy.html then a 404
□ B. index.html then a 404
□ C. welcome.html then a 404
□ D. howdy.html then index.html
□ E. index.html then index.html
□ F. howdy.html then welcome.html
□ G. welcome.html then index.html


appendix: final mock exam 


Your web application has a valid DD with a single <security-constraint> tag.
Within this tag exists:

- a single http method that declares GET

All of the resources in your application exist within directory1 and
directory2 and the only defined roles are BEGINNER and EXPERT.

If you want to restrict BEGINNERs from using resources in directory2, which
are true about the url and role tag(s) you should declare? (Choose all that apply.)

□ A. A single url tag should declare directory1 and a single role tag should
declare EXPERT

□ B. A single url tag should declare directory2 and a single role tag should
declare EXPERT

□ C. A single url tag should declare directory1 and a single role tag should
declare BEGINNER

□ D. A single url tag should declare directory2 and a single role tag should
declare BEGINNER

□ E. One url tag should declare ANY and its role tag should declare EXPERT,
and another url tag should declare directory2 and its role tag should
declare BEGINNER

□ F. One url tag should declare both directories, and its role tag should declare
EXPERT, and another url tag should declare directory1 and its role tag
should declare BEGINNER

A programmer has a validly configured directory structure for his Java EE web
application which is called MyWebApp. In which two directories could a file called
myTag.tag reside in order to be accessed correctly by the container? (Choose two.)

□ A. MyWebApp/WEB-INF

□ B. MyWebApp/META-INF

□ C. MyWebApp/WEB-INF/lib

☑ D. MyWebApp/WEB-INF/tags

□ E. MyWebApp/WEB-INF/TLDs

☑ F. MyWebApp/WEB-INF/tags/myTags

-Options D and F: tag files MUST be located in the WEB-INF/tags directory
or in a subdirectory of it


Which of the following are legal EL? (Choose all that apply.)

n/ . . -Option A both T and ‘T tan be Converted to 

[2 a. $i"i" + '^"i y*, n , , 

ty?e Lon}, ouput* 5 

□ B. ${1 plus 2}
     -Option B: plus is not an EL operator

☑ C. ${1 eq 2}
     -Option C is valid, outputs false

☑ D. ${2 div 1}
     -Option D is valid, outputs 2.0

□ E. ${2 & 1}
     -Option E: & is not a valid EL operator, unlike && or and

□ F. ${"head" + "first"}
     -Option F: you can't concatenate strings with the + operator. EL fails to
     coerce the string values into type Double

A TLD from a Java forum website contains this tag definition:

<tag>
    <name>avatar</name>
    <tag-class>hf.AvatarTagHandler</tag-class>
    <body-content>empty</body-content>
    <attribute>
        <name>userId</name>
        <required>true</required>
        <rtexprvalue>true</rtexprvalue>
    </attribute>
    <attribute>
        <name>size</name>
        <required>false</required>
        <rtexprvalue>false</rtexprvalue>
    </attribute>
</tag>

What is true about AvatarTagHandler, assuming it extends
SimpleTagSupport and outputs HTML that displays a user's avatar
image? (Choose all that apply.)

☑ A. The class should have a size member with at least a setter method.
     -Option A: ... store it, even though the tag usage doesn't always require it

□ B. No size variable is needed in the code because the TLD states it
is not required.

☑ C. An overridden doTag lifecycle method is needed.
     -Option C: won't accomplish anything unless you override this and provide
     the needed behavior. There is a default implementation in
     SimpleTagSupport but it does nothing

□ D. An overridden doStartTag lifecycle method is needed.
     -Option D: doStartTag is for Classic tag handlers

□ E. The class must overload all implemented lifecycle methods with
a version that includes an extra parameter for every attribute
defined in the TLD. In this case there is only one.
     -Option E: there's only one lifecycle method for Simple tag handlers and
     any overloaded versions won't be recognized by the container

A Servlet sets up a bean before forwarding to a JSP.
Given:

foo.User user = new foo.User();
user.setFirst(request.getParameter("firstName"));
user.setLast(request.getParameter("lastName"));
user.setStreet(request.getParameter("streetAddress"));
user.setCity(request.getParameter("city"));
user.setState(request.getParameter("state"));
user.setZipCode(request.getParameter("zipCode"));
request.setAttribute("user", user);

What snippet, if placed in a JSP, could replace the Servlet code above? (Choose all that apply.)

□ A. <jsp:useBean id="user" type="foo.User"/>

□ B. <jsp:useBean id="user" type="foo.User">
         <jsp:setProperty name="user" property="*"/>
     </jsp:useBean>

-Options A, B: both use the type attribute, which requires that the
bean is already saved to some scope. Even if they used the class attribute
it would be insufficient for populating all the bean's properties

☑ C. <jsp:useBean id="user" class="foo.User">
         <jsp:setProperty name="user" property="first" param="firstName"/>
         <jsp:setProperty name="user" property="last" param="lastName"/>
         <jsp:setProperty name="user" property="street" param="streetAddress"/>
         <jsp:setProperty name="user" property="city"/>
         <jsp:setProperty name="user" property="state"/>
         <jsp:setProperty name="user" property="zipCode"/>
     </jsp:useBean>

☑ D. <jsp:useBean id="user" class="foo.User">
         <jsp:setProperty name="user" property="*"/>
         <jsp:setProperty name="user" property="first" param="firstName"/>
         <jsp:setProperty name="user" property="last" param="lastName"/>
         <jsp:setProperty name="user" property="street" param="streetAddress"/>
     </jsp:useBean>

-Options C and D: individual <jsp:setProperty> tags can
be used to map parameters to bean properties when the
names do not match. For the parameter names that do
match, the property="*" can be used to automatically
pass them all into the bean

When comparing the benefits, limitations, and uses of a business delegate object
and a service locator object, which are true? (Choose all that apply.)

A. They are equally likely to make network calls.
   -Option A: typically the business delegate will ask ... object to make a call

B. They are equally likely to invoke methods in a transfer object.
   -Option B: typically the service locator doesn't use a transfer object

C. They are equally likely to be invoked directly from a controller object.
   -Option C: typically the Controller makes requests of the business delegate,
   and when necessary the business delegate will make a request of the
   service locator

D. The service locator will typically be considered a server to the business
delegate.

E. When both are implemented with a cache, data staleness is a bigger
issue for the service locator.

F. When both are implemented with a cache, data staleness is a bigger
issue for the business delegate.

When creating session listeners which are true? (Choose all that apply.)

□ A. They are all declared in the DD.
     -Option A: HttpSessionBindingListener is not declared in the DD

☑ B. Not all of them must be declared in the DD.

☑ C. The DD tag used to declare them is <listener>.
     -Option C: we're hoping that you can ...

□ D. The DD tag used to declare them is <session-listener>.

☑ E. The DD tag used to declare them is placed within the <web-app> tag.

□ F. The DD tag used to declare them is placed within the <servlet> tag.
     -Option F: remember sessions can span many servlets


Some users have complained that strange things are happening when they have
two browser windows open on a single machine and both windows access the
application at the same time. You want to test various browsers to see if a session
would be shared across multiple windows. You decide to do this by outputting
the JSESSIONID in a JSP. How could you accomplish this, assuming you have
cookies enabled on your test browsers? (Choose all that apply.)

□ A. ${cookie.JSESSIONID}
     -Option A evaluates to a Cookie object, which outputs the
     reference to the Cookie object, not its internal value

☑ B. ${cookie.JSESSIONID.value}

☑ C. ${cookie["JSESSIONID"]["value"]}

☑ D. ${cookie.JSESSIONID["value"]}

☑ E. ${cookie["JSESSIONID"].value}

-Options B, C, D, E: the cookie EL implicit object is a map of Cookie objects.
These options all retrieve the JSESSIONID Cookie and call its
getValue() method

□ F. ${cookieValues[0].value}
     -Option F: cookieValues is not an EL implicit object

Which implicit object can access the attributes from the ServletContext?

□ A. server

□ B. context

□ C. request
     -Option C is incorrect because the request implicit
     object can only access request-scoped attributes

☑ D. application
     -Option D is correct. The application implicit
     object is equivalent to the ServletContext

□ E. servletContext

-Options A, B, and E are
incorrect because these
are illegal names for JSP
implicit objects


9. Which methods exist in HttpServlet? (Choose all that apply.)

☑ A. doGet

☑ B. doTrace

□ C. doError
     -Option C: there isn't an HTTP ERROR method either

□ D. doConnect
     -Option D: HTTP has a CONNECT method,
     but it's the exception to the rule, it's the only
     method that's not mirrored in HttpServlet

☑ E. doOptions


10. You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.

Which are true? (Choose all that apply.)

□ A. You can make transmitted data confidential only after your application has
verified the user's password

□ B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.

☑ C. No matter what type of Java EE authentication mechanism you use, it will only
be activated when an otherwise constrained resource is requested.

□ D. All of the Java EE guaranteed types of authentication provide strong data
security without the need to implement supporting security features.

Given these fragments from within a single tag in a Java EE DD:

<web-resource-collection>
    <web-resource-name>Recipes</web-resource-name>
    <url-pattern>/Beer/Update/*</url-pattern>
    <http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
    <role-name>Member</role-name>
</auth-constraint>

<user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

Which are true? (Choose all that apply.)

A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist.

B. It is valid for more instances of <auth-constraint> to exist within the single tag
described above.

C. It is valid for more instances of <user-data-constraint>
to exist within the single tag described above.
   -Option C: a valid <security-constraint> tag can declare only a single
   type of data integrity

D. It is valid for more instances of <url-pattern> to exist within the
<web-resource-collection> tag described above.

E. It is valid for other tags of the same type as the single encasing tag described above to
have the same <url-pattern> as the tag above.

F. This tag implies that authorization, authentication, and data integrity security features
are all declared for the web application.


final mock exam answers


You are creating a JSP Document that generates a dynamic SVG image which
is represented by an XML document structure. The JSP must declare the
HTTP response header 'Content-Type' as 'image/svg+xml' so that
the web browser will render the response as an SVG image.

Which JSP code snippet declares that this JSP Document is an SVG response?

□ A. <%@ page contentType='image/svg+xml' %>
     -Option A is incorrect because the standard JSP directive syntax
     is not ...

□ B. <jsp:page contentType='image/svg+xml' />
     -Option B is incorrect because there is no jsp:page standard
     tag in JSP Documents

☑ C. <jsp:directive.page contentType='image/svg+xml' />
     -Option C: ... the appropriate standard JSP Document ...

□ D. <jsp:page.contentType>image/svg+xml</jsp:page.contentType>
     -Option D is incorrect because there is no jsp:page.contentType
     standard tag in JSP Documents


Given in a JSP page, the line:

<%-- out.print("Hello World"); --%>

What is the HTML output?

□ A. Hello World
□ B. out.print("Hello World");
□ C. <!-- Hello World -->
☑ D. No output is generated by this line.


14. Which statements about HTTP session support are true? (Choose all that
apply.)

☑ A. Java EE containers must support HTTP cookies.

□ B. Java EE containers must support URL rewriting.
     -Option B: URL rewriting is almost always used
     as the fallback when cookies are not available,
     but it is NOT a requirement for containers

☑ C. Java EE containers must support the Secure Sockets Layer.

☑ D. Java EE containers must support HTTP sessions, even for clients that
do not support cookies.

□ E. Java EE containers must recognize the HTTP termination signal that is
issued to indicate that a client session is no longer active.
     -Option E: HTTP doesn't have ...

Your company has purchased a license for a third party JavaScript
library for constructing menus. Your team has run into countless errors
by mistakenly misusing the library and the users are insisting that
certain menu items should only be visible to users with the authorized
security role. A custom tag library using Simple tag handlers could shield
developers from making syntactical JavaScript errors and provide the
security features the users desire.

After a design meeting, your team lead documented that she would like
the menu to look like the following:

<menu:main>
    <menu:headItem text="My Account" url="/myAccount.do"/>
    <menu:headItem text="Transactions">
        <menu:subitem text="Incoming" url="/incomingTx.do"/>
        <menu:subitem text="Outgoing" url="/outgoingTx.do"/>
        <menu:subitem text="Pending" url="/pendingTx.do"
                      requireRole="accountant"/>
    </menu:headItem>
    <menu:headItem text="Admin" url="/admin.do"
                   requireRole="admin"/>
</menu:main>

You wish to put the full responsibility of generating output on the
outer <menu:main> tag handler, assuming that centralizing the display
logic will be easier to maintain. The outer tag handler will need access to
its descendent tags to accomplish this. Which of the following options
provides the best approach?

☑ A. Every inner tag should register itself directly to its immediate parent.
The immediate parent can store its children in an ordered collection.
     -Option A is the ... solution, as it creates a ...
     that gives the <menu:main> access
     to all of its descendent tags

□ B. Every inner tag should register itself directly to the outer tag handler,
and the outer tag handler can store them all in a single HashSet.

□ C. ...
findDescendentWithClass() and getChildren() which give
the main outer tag full access to its children without any extra
coding necessary.
     -Option C: these methods don't exist. Only
     findAncestorWithClass() and getParent() are available
     from the API

□ D. Have each inner tag save itself as a page scoped attribute with its text
value as the attribute key.

-Options B and D wouldn't give
the outer tag any clue how the
inner tags are structured

16. Which JSP life cycle phase can cause an HTTP 500 status code to be returned on
a request to a JSP page? (Choose all that apply.)

☑ A. JSP page compilation
     -Option A is correct because if the JSP servlet code fails to
     compile, then the server ... a server-side error

☑ B. Execution of the service method
     -Option B is correct because ... exception thrown
     in the JSP ... be handled by ... error

□ C. Execution of the destroy method

☑ D. Execution of the initialization method
     -Option D: ... cannot ... issue requests to the JSP and must send
     a server-side error



Given that session is a reference to a valid HttpSession and "myAttr" is
the name of an object bound to session, which can be used to unbind object(s)
from a session? (Choose all that apply.)

□ A. session.unbind();

☑ B. session.invalidate();
     -Option B: invalidate() is used to unbind all
     objects bound to the session

□ C. session.unbind("myAttr");

□ D. session.remove("myAttr");

□ E. session.invalidate("myAttr");

☑ F. session.removeAttribute("myAttr");
     -Option F: removeAttribute() is used
     to unbind a single object

□ G. session.unbindAttribute("myAttr");



If req is a reference to an HttpServletRequest and there is no current
session, what is true about req.getSession()? (Choose all that apply.)

□ A. Invoking req.getSession() will return null.

□ B. Invoking req.getSession(true) will return null.

-Options A and B: in these cases
a new session is created

☑ C. Invoking req.getSession(false) will return null.

☑ D. Invoking req.getSession() will return a new session.

☑ E. Invoking req.getSession(true) will return a new session.

□ F. Invoking req.getSession(false) will return a new session.

A Classic tag handler exists in legacy code. The author wrote a handler that
evaluates its tag body a hundred times, to be used in testing other tags that
produce random content.

Given:

public class HundredTimesTag extends TagSupport {
    private int iterationCount;
    public int doTag() throws JspException {
        iterationCount = 0;
        return EVAL_BODY_INCLUDE;
    }

    public int doAfterBody() throws JspException {
        if (iterationCount < 100) {
            iterationCount++;
            return EVAL_BODY_AGAIN;
        } else {
            return SKIP_BODY;
        }
    }
}

What is incorrect about the code?

□ A. Tag handlers are not thread safe, so the iterationCount can become
out of sync if multiple users are reaching the page at the same time.
     -Option A: tag handlers are thread safe,
     so it is OK to store state in them

□ B. The doAfterBody method is never being called because it is not part
of the tag handler lifecycle. The developer should have extended the
IterationTagSupport class to include this method in the lifecycle.
     -Option B: IterationTagSupport is not a
     real class. The doAfterBody
     method is part of the
     IterationTag interface which
     TagSupport does implement

☑ C. The doTag method should be doStartTag. As written, the default
doStartTag of TagSupport is called which simply returns SKIP_BODY,
causing doAfterBody to never be called.
     -Option C: simply changing
     this method name should fix
     the problem. If the project
     happens to use Java 5 SE,
     it's a good idea to use the
     @Override annotation on
     these lifecycle methods to
     ensure that a mistake like
     this doesn't happen

□ D. When doAfterBody returns EVAL_BODY_AGAIN the doTag method is
called again. The doTag method resets iterationCount to 0, resulting
in an infinite loop and a java.lang.OutOfMemoryError is thrown.
     -Option D: even if the method name change from
     Option C is fixed, an infinite loop should never
     occur because a Classic tag lifecycle never calls
     doStartTag more than once

Given this fragment from a web application's DD:

72. <session-config>
73.   <session-timeout>10</session-timeout>
74. </session-config>

And given that session is a reference to a valid HttpSession, and this
fragment from a servlet:

30. session.setMaxInactiveInterval(120);

After line 30 executes, which are true? (Choose all that apply.)

□ A. The DD fragment is not valid.

□ B. The invocation of setMaxInactiveInterval will modify the value in
the <session-timeout> tag.
     -Option B: the method
     overrides the
     timeout for this session

□ C. It is impossible to determine the session timeout limits given the above.

□ D. If the container receives no client requests for this session in 2 hours, the
container will invalidate the session.

☑ E. If the container receives no client requests for this session in 2 minutes,
the container will invalidate the session.
     -Option E: the
     argument for this
     method represents
     seconds, however
     the value in the tag
     represents minutes

□ F. If the container receives no client requests for this session in 10 seconds,
the container will invalidate the session.

□ G. If the container receives no client requests for this session in 10 minutes,
the container will invalidate the session.

21. You have created a valid directory structure and a valid WAR file for your Java EE
web application. Given that:

- ValidApp.war is the name of the WAR file.

- WARdir represents the directory that must exist in every WAR file.

- APPdir represents the directory that must exist in every web application.

Which is true?

□ A. The actual name of WARdir is NOT predictable.

☑ B. The name of your application is NOT predictable.
     -Option B: typically the Container will ...
     the application by using the name ...

□ C. In this directory structure, APPdir will exist inside WARdir.

□ D. In this directory structure, the application's deployment descriptor will
reside in the same directory as WARdir.

□ E. Placing your application in a WAR file provides the option for the
container to perform additional runtime checks not otherwise guaranteed.
     -Option E: ... gives you the option
     to perform additional
     ... checks

22. When comparing HTTP GET to HTTP POST, what is true? (Choose all that apply.)

☑ A. Only HTTP GET is idempotent.

□ B. Both require an explicit declaration in HTML form tags.
     -Option B: if you don't explicitly
     declare a method, GET is assumed

□ C. Only HTTP POST can support multiple parameters in a single request.

☑ D. Both support single parameter requests that send multiple values.
     -Option D: both can handle this

□ E. Only HTTP POST requests should be handled by overriding a servlet's
service() method.
     -Option E: ...
     the exam, you should never
     override the service() method


Given this code in a servlet:

String s = getServletConfig().getInitParameter("myThing");

Which DD fragment will assign to s the value "myStuff"?

□ A. <init-param>
         <param>myThing</param>
         <value>myStuff</value>
     </init-param>

□ B. <init-param>
         <name>myThing</name>
         <value>myStuff</value>
     </init-param>

☑ C. <init-param>
         <param-name>myThing</param-name>
         <param-value>myStuff</param-value>
     </init-param>
     -Option C is correct syntax
     for ... tag

□ D. <servlet-param>
         <name>myThing</name>
         <value>myStuff</value>
     </servlet-param>

□ E. <servlet-param>
         <param-name>myThing</param-name>
         <param-value>myStuff</param-value>
     </servlet-param>

Given that a String is stored as an attribute named accountNumber of some scope,
which scriptlet(s) will output the attribute?

☑ A. <%= pageContext.findAttribute("accountNumber") %>
     -Option A: if you had to use
     ... this is the way

□ B. <%= out.print("${accountNumber}") %>
     -Option B: EL does
     not get evaluated
     inside of scriptlets.
     This is an illegal use
     of scriptlets anyway,
     so don't think this
     was just a trick

□ C. <% Object accNum = pageContext.getAttribute("accountNumber");
        if(accNum == null) {
            accNum = request.getAttribute("accountNumber");
        }
        if(accNum == null) {
            accNum = session.getAttribute("accountNumber");
        }
        if(accNum == null) {
            accNum = servletContext.getAttribute("accountNumber");
        }
        out.print(accNum);
     %>
     -Option C: So close.
     servletContext is
     not a valid implicit
     object. It should
     have used application

□ D. <% requestDispatcher.include("accountNumber"); %>
     -Option D: requestDispatcher is not
     an implicit object. Even if
     it were, this is just wrong

You have inherited a legacy JSP web application with lots of scripting
code. Your manager has demanded that every JSP be refactored to remove
scripting code. He wants you to guarantee that no scriptlet code exists in
your JSP codebase and to have the web container enforce a "no scripting"
policy.

Which web.xml configuration element will accomplish this goal?

□ A. <jsp-property-group>
         <url-pattern> *.jsp </url-pattern>
         <permit-scripting> false </permit-scripting>
     </jsp-property-group>
     -Option A is incorrect because
     <permit-scripting> is not a valid
     configuration element

□ B. <jsp-config>
         <url-pattern> *.jsp </url-pattern>
         <permit-scripting> false </permit-scripting>
     </jsp-config>
     -Option B is incorrect because
     neither <jsp-config> nor
     <permit-scripting> are valid
     configuration elements

☑ C. <jsp-property-group>
         <url-pattern> *.jsp </url-pattern>
         <scripting-invalid> true </scripting-invalid>
     </jsp-property-group>

□ D. <jsp-config>
         <url-pattern> *.jsp </url-pattern>
         <scripting-invalid> true </scripting-invalid>
     </jsp-config>
     -Option D is incorrect because
     <jsp-config> is not a valid
     configuration element
Given:

01. <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
02.
03. <%
04.   java.util.List books = new java.util.ArrayList();
05.   // add line here
06.   request.setAttribute("myFavoriteBooks", books);
07. %>
08.
09. <c:choose>
10.   <c:when test="${not empty myFavoriteBooks}">
11.     My favorite books are:
12.     <c:forEach var="book" items="${myFavoriteBooks}">
13.       <br/> * ${book}
14.     </c:forEach>
15.   </c:when>
16.   <c:otherwise>
17.     I have not selected any favorite books.
18.   </c:otherwise>
19. </c:choose>

Which of the following lines of code, if inserted independently at line 5, will cause the text within the c:otherwise tag to display? (Choose all that apply.)

A. books.add("");
B. books.add(null);
C. books.clear();
D. books.add("Head First");
E. books = null;

-Options A, B, and D all add something to the books List, making it NOT empty
You are working on an application that manages a business listing directory. Given:

    <c:forEach var="phoneNumber" items='${company.contactInfo.phoneNumbers}'>
      <c:if test='${verify:isTollFree(phoneNumber)}'>
        <img src="/images/TollFree.gif"/>
      </c:if>
      ${phoneNumber}<br/>
    </c:forEach>

The above snippet adds a special icon in front of phone numbers that are toll free. Which statement about the EL function from this code snippet is guaranteed to be true?

A. The EL function must be declared public and static.
  -Option A: all EL functions must be declared public and static

B. The EL function must not return any value and be declared void.
  -Option B: it should return a boolean so it can be used by the <c:if> tag

C. The <uri> value in the EL function's TLD must be Verify.
  -Option C: the <uri> value should match whatever is declared in the JSP's taglib directive, which was not shown

D. The name of the class that implements the EL function must be named Verify.
  -Option D: the fully qualified class name is mapped in the TLD using <function-class> and does not have to match any particular naming convention to be used for EL functions

E. If phoneNumber is a String, the <function-signature> value in the TLD should be isTollFree(String).
  -Option E: <function-signature> requires that a return type be declared. It also requires that all class types be fully qualified, so String should be java.lang.String


28 


Which are methods of HttpServletRequest that retrieve the body of the request? (Choose all that apply.)

A. getReader()
  -Option A: getReader() retrieves the body as character data
B. getStream()
C. getInputReader()
D. getInputStream()
  -Option D: this method retrieves the body as binary data
E. getServletReader()
F. getServletStream()
Given a Java EE web application in which the following browser request:

    http://www.wickedlysmart.com/MyApp/myDir/DoSomething

will be handled by a servlet in the application, which three are true? (Choose three.)

A. The deployment descriptor must include instructions to handle the request as specified.
  -Option A: a <servlet-mapping> tag must be specified in the DD

B. The request can be handled as specified with no related instructions in the deployment descriptor.

C. The servlet that handles this request must be named DoSomething.class

D. The servlet name is not predictable based on the information provided.

E. The application must contain a directory named myDir

F. The name of the directory in which the servlet resides is not predictable based on the information provided.

-Options C and E: myDir and DoSomething are virtual names known only to the DD


Your web application has a valid deployment descriptor in which student and sensei are the only security roles that have been defined. The deployment descriptor contains two security constraints that declare the same resource to be constrained. The first security constraint contains:

    <auth-constraint>
      <role-name>student</role-name>
    </auth-constraint>

And the second security constraint contains:

    <auth-constraint/>

Which are true? (Choose all that apply.)

A. As the deployment descriptor stands now, the constrained resource can be accessed by both roles.

B. As the deployment descriptor stands now, the constrained resource can be accessed only by sensei users.

C. As the deployment descriptor stands now, the constrained resource can be accessed only by student users.

D. If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.

E. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by sensei users.

F. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.

-Options A, B, and C: the second tag is "empty", which means no roles can use this resource
Which of the following custom tags is guaranteed to fail? (Choose all that apply.)

A. <mine:border>
     <mine:photos album="${albumSelected}">
   </mine:border>
   </mine:photos>
  -Option A is not properly nested

B. <mine:border>
     <mine:photos album="${albumSelected}"/>
   </mine:border>

C. <mine:border>
     ${albumSelected.title}
     <mine:photos>${albumSelected}</mine:photos>
   </mine:border>

D. <mine:photos includeBorder="${userPreference.border}"
                album="${albumSelected}" />

-Options B, C, and D are all potentially legal usages of custom tags


32 


Your n-tier web application uses the Java EE patterns that are most typically used when such an application wants to access remote registries. Which are benefits of these patterns? (Choose all that apply.)

The patterns used here are the business delegate and the service locator. By using these two patterns together, each component has more focused responsibilities, and when architectural changes occur, maintenance efforts will be reduced.

A. Increased cohesion
B. Better performance
C. Better maintainability
D. Reduced network traffic
E. More interactive browser capabilities

-Option D: if you picked option D don't worry: when the service locator is implemented with a cache you can indeed reduce network traffic. However, caches always come with their own drawbacks, so this isn't the most ...

What is generally true about the lifecycle of a servlet? (Choose all that apply.)

A. You should NOT write a constructor for a servlet.
B. You should NOT override a servlet's init() method.
C. You should NOT override a servlet's doGet() method.
D. You should NOT override a servlet's doPost() method.
E. You should NOT override a servlet's service() method.
F. You should NOT override a servlet's destroy() method.

-Options B and F are usually done when a servlet needs to create and destroy resources used by the servlet, such as database connections.
Given this portion of a Java EE .war file's directory structure:

    MyApp
    |-- META-INF
    |   |-- MANIFEST.MF
    |   |-- web.xml
    |
    |-- WEB-INF
    |   |-- index.html
    |   |-- TLDs
    |   |-- Header.tag

What change(s) are necessary to make this structure valid and the resources accessible? (Choose all that apply.)

A. No changes are necessary.

B. The web.xml file must be moved.
  -Option B: web.xml must be in the WEB-INF directory

C. The index.html file must be moved.
  -Option C is OK, but not directly accessible to clients

D. The Header.tag file must be moved.
  -Option D: tag files must be in the ... portion of the tree

E. The MANIFEST.MF file must be moved.

F. The WEB-INF directory must be moved.

G. The META-INF directory must be moved.

You are considering implementing some variety of MVC in your Java EE n-tier application. Which are true? (Choose all that apply.)

A. This design will often serve business delegate objects.
  -Option A: business delegates serve controllers

B. It often reduces network traffic by caching remotely located data.
  -Option B: objects that support MVC might cache, but MVC itself typically doesn't

C. This design goal simplifies communications with heterogeneous resource registries.
  -Option C: this is the ...

D. Even though MVC solutions have many benefits, they often increase design complexity.

E. Both the front controller pattern and Struts could be considered solutions for this design goal.

F. This design will provide you with the capability to easily recombine request and response handlers.
  -Option F: this is the job of the intercepting filter, which can work with MVC, but which is separate
Given in a JSP page, the line:

    <% List myList = new ArrayList(); %>

Which JSP code snippets can you use to import these data types? (Choose two.)

A. <%!
B. <%@
C. <%@
D. <%!
E. <%@
   <%@ page import='java.util.ArrayList' %>

-Option A is incorrect because the JSP declaration tag cannot be used to insert import statements into the translated servlet code

-Option B is incorrect because there is no ...

-Option D is incorrect because the JSP declaration tag cannot be used to insert import statements into the translated servlet code

-Option E is correct because the import attribute of the page directive is allowed to be specified more than once

You are tasked with adding several security features to your company's Java EE web application. Specifically, you need to create several classes of users and based on a user's class, you need to restrict them to use only some of the application's pages. In order to restrict access, you must determine that users are who they say they are.

Which are true? (Choose all that apply.)

A. If you need to verify that users are who they say they are, you must use the application's deployment descriptor to implement that requirement.
  -Option A: you can also perform authentication programmatically

B. Java EE's authorization capabilities should be used to determine that users are who they say they are.
  -Option B: this question is about authentication

C. In order to help you determine that users are who they say they are, you can use the deployment descriptor's <login-config> tags.

D. In order to help you determine that users are who they say they are, you can use the deployment descriptor's <user-data-constraint> tags.
  -Option D: this tag is used to implement data integrity

E. Depending on the approach you use, determining that users are who they say they are might require including a "realm".
ValidApp is a Java EE application with a valid directory structure. ValidApp contains .gif image files in three locations within the directory structure:

- ValidApp/imageDir/
- ValidApp/META-INF/
- ValidApp/WEB-INF/

In which of these locations can clients directly access these .gif files?

A. Only in ValidApp/META-INF/
B. Only in ValidApp/imageDir/
  -Option B: if a client attempts to access the files in WEB-INF or META-INF the Container must return a "404"
C. All of the above locations
D. Only in ValidApp/imageDir/ and ValidApp/WEB-INF/
E. Only in ValidApp/imageDir/ and ValidApp/META-INF/



Given req is a reference to a valid HttpServletRequest, and:

13. String[] s = req.getCookies();
14. Cookie[] c = req.getCookies();
15. req.setAttribute("myAttr1", "42");
16. req.setAttribute("myAttr2", 42);
17. String[] s2 = req.getAttributeNames();
18. String[] s3 = req.getParameterValues("attr");

Which lines of code will not compile? (Choose all that apply.)

A. line 13
  -Option A: getCookies() returns a Cookie array
B. line 14
C. line 15
D. line 16
  -Option D: setAttribute() takes a String and an Object, and ... boxed to an Object
E. line 17
  -Option E: getAttributeNames() returns an Enumeration
F. line 18

We know this is a real "memorization" kind of question, and we're sorry, but you might get this kind of thing on the real exam.
A Tag File named Products.tag displays a list of products. Given this snippet from the Tag File:

    <%@ attribute name="header" required="false" rtexprvalue="false" %>
    <%@ attribute name="products" required="true" rtexprvalue="true" %>
    <%@ tag body-content="tagdependent" %>

Which of the following are legal usages of the Tag File? (Choose all that apply.)

A. <display:Products header="Shopping Cart" products="${shoppingCart}"/>

B. <display:Products header="Wish List" products="${wishList}" body-content="${body}" />
  -Option B: body-content is not a valid attribute

C. <display:Products header="Similar Products" products="${similarProducts}">
     Customers who bought this item also bought:
   </display:Products>
  -Option C: a body is allowed because of the tagdependent body-content value in the tag directive

D. <display:Products header='<%= request.getParameter("listType") %>' />
  -Option D: products is a required attribute. header may not hold a scriptlet because it is defined with rtexprvalue set to false


41 


You are taking part in an initiative to remove scriptlets from the JSPs of a legacy web application for a major bank. You come across the following lines of code:

    <% if(((com.yourcompany.Account)request.getAttribute("account")).isPersonalChecking()){
    %>
    Checking that fits your lifestyle.
    <% } %>

How can you replace this using JSTL? (Choose all that apply.)

A. <c:if test='${account.personalChecking}'>Checking
   that fits your lifestyle.</c:if>
  -Option A finds the attribute named account and calls isPersonalChecking() on the Account object

B. <c:if test='${account["personalChecking"]}'>Checking
   that fits your lifestyle.</c:if>

C. <c:if test="${account['personalChecking']}">Checking
   that fits your lifestyle.</c:if>

D. <c:if test='${account.isPersonalChecking}'>Checking
   that fits your lifestyle.</c:if>
  -Option D will look for a getIsPersonalChecking method on Account and throw an exception when it is not found

-Options B and C: notice that either single or double quotes may be used, but the quotes in the EL must not be the same type as those used to surround it if it is in an evaluated tag. This rule doesn't apply to template text tags which are not evaluated: <a href="${initParam["contact-email"]}">email</a>
Given the following event types:

- HttpSessionEvent
- HttpSessionBindingEvent
- HttpSessionAttributeEvent

Match the event types above to their respective listener interfaces. (Note: you can match an event type to more than one Listener.)

HttpSessionAttributeListener
HttpSessionListener
HttpSessionActivationListener
HttpSessionBindingListener

-We just made ...

43

What's true about the lifecycle of a servlet? (Choose all that apply.)

A. The service() method is the first method invoked by the container when a new request is received.
  -Option A: the init() method is invoked first

B. The service() method is invoked by either doPost() or doGet() after they've completed a request.
  -Option B: the service() method invokes doGet() or doPost()

C. Each time that doPost() is invoked, it runs in its own thread.

D. The destroy() method is invoked after every invocation of doGet() completes.
  -Option D: the Container invokes destroy() when it decides to remove a servlet

E. The container issues a separate thread for each client request.


44

When might a JSP get translated? (Choose all that apply.)

A. When the developer compiles code in the src folder
  -Option A: JSPs are not in the src folder, and the developer does not compile them like code

B. When the application is started

C. The first time a user requests the JSP
  -Options B and C: it can occur any time between initial deployment into the JSP Container and the first client request for the page

D. After jspDestroy() is called, it gets retranslated
  -Option D won't cause another translation to the same page
Given this fragment from a valid doGet() method:

    OutputStream os = response.getOutputStream();
    byte[] ba = {1,2,3};
    os.write(ba);
    RequestDispatcher rd = request.getRequestDispatcher("my.jsp");
    rd.forward(request, response);

Assuming that "my.jsp" adds the bytes 4, 5, and 6 to the response, what is the result?

A. 123
B. 456
  -Option B: because os.flush() wasn't called, the uncommitted output (123) is cleared, and forward is invoked without exception. If os.flush() had been called before forward, an IllegalStateException would have been thrown
C. 123456
D. 456123
E. An exception is thrown


46 


A programmer needs to update a live, running servlet's initialization parameters so that the web application will begin to use the new parameters immediately.

In order to accomplish this, which must be true (although not necessarily sufficient)? (Choose all that apply.)

A. For each parameter, you must modify a DD tag that specifies the name of the servlet, the name of the parameter, and the new value of the parameter.
  -Option A: the <init-param> tag must be placed within the <servlet> tag, so the <init-param> tag does not have the servlet's name

B. The servlet's constructor must retrieve the updated DD parameter from the servlet's ServletConfig object.
  -Option B: you can't retrieve the ServletConfig object until ...

C. The container must destroy and then reinitialize the servlet.

D. For each parameter, the DD must have a separate <init-param> tag.


47 


Which types can be used in conjunction with HttpServletResponse methods to stream output data? (Choose all that apply.)

A. java.io.PrintStream
B. java.io.PrintWriter
  -Option B: the getWriter() method returns a PrintWriter
C. java.io.OutputStream
D. java.io.FileOutputStream
E. java.io.ServletOutputStream
  -Option E: the getOutputStream() method returns a ServletOutputStream
F. java.io.ByteArrayOutputStream
Your web application has a valid DD with a single <security-constraint> tag. Within this tag exists:

- a single url pattern that declares directory1
- a single http method that declares POST
- a single role name that declares GUEST

If all of the resources for your application exist within directory1 and directory2, and MEMBER is also a valid role, which are true? (Choose all that apply.)

A. GUESTs cannot do GET requests in directory1.
B. GUESTs can do GET requests in both directories.
C. GUESTs can do POST requests only in directory2.
D. MEMBERs can do GET requests in both directories.
E. GUESTs can do POST requests in both directories.
F. MEMBERs can do only POST requests in directory1.

The constraint in this scenario is that only GUESTs can do POSTs in directory1.

Given:

1. <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
2. <%@ taglib prefix="tables" uri="http://www.javaranch.com/tables" %>
3. <%@ taglib prefix="jsp" tagdir="/WEB-INF/tags" %>
4. <%@ taglib uri="UtilityFunctions" prefix="util" %>

What about the above taglib directives would cause the JSP to not function?

A. Line 4 is wrong because the prefix attribute must come before the uri attribute.
  -Option A: attributes can be in any order

B. Line 3 is wrong because there is no uri attribute.
  -Option B: when using Tag Files, tagdir is used instead of uri

C. Line 4 is wrong because the uri value must begin with http://
  -Option C: the uri simply must match how the TLD is identified by the Container

D. Line 3 is wrong because the prefix jsp is reserved for standard actions.
  -Option D: the jsp prefix is reserved for standard actions
Given that resp is a reference to a valid HttpServletResponse object that contains, among others, the following headers:

    Content-Type: text/html
    MyHeader: mydata

And the following invocations:

    resp.addHeader("MyHeader", "mydata2");
    resp.setHeader("MyHeader", "mydata3");
    resp.addHeader("MyHeader", "mydata");

What data will exist for the MyHeader header?

A. mydata
B. mydata3
C. mydata3, mydata
  -Option C: setHeader() replaces any existing data in the header, addHeader() adds data to any existing data
D. mydata3, mydata2
E. mydata,mydata2,mydata3
F. mydata,mydata2,mydata3,mydata
Given the following portion of a web.xml from a legacy application:

    <jsp-config>
      <taglib>
        <taglib-uri>prettyTables</taglib-uri>
        <taglib-location>/WEB-INF/tlds/prettyTables.tld</taglib-location>
      </taglib>
    </jsp-config>

Assuming the server running your code now supports Java 1.4 EE or greater, what could you do to remove the above <jsp-config> tag and still have your code work?

A. Change the taglib directive's uri attribute in your JSPs to use * and the container will automatically map it.
  -Option A: * is not a wildcard for taglibs

B. Place <uri>prettyTables</uri> in your TLD file.
  -Option B: Correct. We can see that the TLD is under WEB-INF, so the Container will find it. If the TLD contains a <uri> then the Container will implicitly map that value to the proper TLD location

C. Remove the taglib directives that used this mapping in your JSPs. The container will handle it automatically.
  -Option C: Remove the ...

D. This is impossible. The <jsp-config> entry here must be present for the container to map the TLD to the uri referenced in your JSPs.
  -Option D: It's not impossible. See option B
For a page that lists shopping cart items, the message "Your shopping cart is empty." must display when the cart is empty. Which of the following code snippets could satisfy this functionality assuming the scoped attribute cart is a List of products? (Choose all that apply.)

A. <c:if test='${empty cart}'>
     Your shopping cart is empty.
   </c:if>
   <c:forEach var="itemInCart" items="${cart}">
     <shop:displayItem item="${itemInCart}"/>
   </c:forEach>
  -Options A, C, and D are all ... the simplest and preferred solution

B. <c:forEach var="itemInCart" items="${cart}">
     <c:choose>
       <c:when test='${empty itemInCart}'>
         Your shopping cart is empty.
       </c:when>
       <c:otherwise>
         <shop:displayItem item="${itemInCart}"/>
       </c:otherwise>
     </c:choose>
   </c:forEach>
  -Option B: if cart is empty or null, the forEach will never execute its body. You will never see the message when the cart is empty

C. <c:choose>
     <c:when test='${empty cart}'>
       Your shopping cart is empty.
     </c:when>
     <c:when test='${not empty cart}'>
       <c:forEach var="itemInCart" items="${cart}">
         <shop:displayItem item="${itemInCart}"/>
       </c:forEach>
     </c:when>
   </c:choose>

D. <c:choose>
     <c:when test='${empty cart}'>
       Your shopping cart is empty.
     </c:when>
     <c:otherwise>
       <c:forEach var="itemInCart" items="${cart}">
         <shop:displayItem item="${itemInCart}"/>
       </c:forEach>
     </c:otherwise>
   </c:choose>
Given the following code from a servlet, and given that myVar is a reference to either an HttpSession or a ServletContext:

15. myVar.setAttribute("myName", "myVal");
16. String s = (String) myVar.getAttribute("myName");
17. // more code

After line 16 executes, which are true? (Choose all that apply.)

A. The value of s cannot be guaranteed.
  -Option A: without synchronization, the value can change unexpectedly (imagine a user opening a second browser)

B. If myVar is an HttpSession, compilation will fail.

C. If myVar is a ServletContext, compilation will fail.

D. If myVar is an HttpSession, s is guaranteed to have the value "myVal".

E. If myVar is a ServletContext, s is guaranteed to have the value "myVal".



Given a portion of a Java EE web application's deployment descriptor:

    <error-page>
      <exception-type>IOException</exception-type>
      <location>/mainError.jsp</location>
    </error-page>
    <error-page>
      <error-code>404</error-code>
      <location>/notFound.jsp</location>
    </error-page>

What is true?

A. The deployment descriptor is not valid.
  -Option A: when specifying an exception type in the DD, a fully qualified name (such as java.io.IOException) must be used

B. If the application throws an IOException, nothing will be served.

C. If the application throws an IOException, notFound.jsp will be served.

D. If the application throws an IOException, mainError.jsp will be served.
Given the following JSP:

    <%! String GREETING = "Welcome to my page"; %>
    <% request.setAttribute("greeting", GREETING); %>
    Greeting: ${greeting}
    Again: <%= request.getAttribute("greeting") %>

An attempt is made to convert the above JSP to a JSP Document:

    <jsp:declaration>
      String TITLE = "Welcome to my page";
    </jsp:declaration>
    <jsp:scriptlet>
      request.setAttribute("greeting", GREETING);
    </jsp:scriptlet>
    Greeting: ${greeting}
    Again: <jsp:expression>
      request.getAttribute("greeting");
    </jsp:expression>

What is wrong with the new JSP Document? (Choose all that apply.)

A. No <jsp:root> was declared.
  -Option A: <jsp:root> is not a required tag

B. The template text should be wrapped in a <jsp:text> tag.
  -Option B: otherwise, this is not valid XML

C. EL expressions are not allowed in JSP Documents.

D. The <jsp:expression> contents should not have a semicolon.
  -Option D: Oops! A typo!



Which of the following is LEAST likely to make or receive network calls?

A. JNDI server
  -Option A: if you see a pattern or component that's not in the objectives you can rule it out as the correct answer

B. transfer object
  -Option B: transfer objects are typically sent in network calls, but they seldom initiate or respond to network calls

C. service locator
D. front controller
E. intercepting filter
Given:

10. ${questionNumber}: ${question}
11. <c:forEach var="answer" items="${answers}">
16. </c:forEach>

The question attribute is a String that may contain XML tags that must be displayed in the browser as regular text. With the above snippet, the browser is not displaying the XML tags. What can be changed to fix this? (Choose all that apply.)

A. Replace ${question} with <c:out value="${question}"/>

B. Replace ${question} with <c:out>${question}</c:out>
  -Option B: the value attribute is required for <c:out>. Even though <c:out> can have a body, the body replaces the default attribute, not the value attribute

C. Replace ${question} with <c:out escapeXml="true" value="${question}"/>
  -Options A & C: escapeXml is true by default, so both A & C are correct. <c:out>'s escapeXml can convert XML characters (<, >, &, ") into special code so your browser will display them properly rather than mistake them for html

D. Replace ${question} with <%= ${question} %>
  -Option D: Sorry, but this one's not even close. You can't put EL inside of a scriptlet

Your Java EE web application is gaining in popularity and you decide to add a second server to support the volume of client requests. Which are true about the migration of a session from one server to the other? (Choose all that apply.)

A. Such migrations are not possible within a session.

B. When a session is migrated, its HttpSession goes with it.

C. When a session is migrated, its ServletContext goes with it.

D. When a session is migrated, its HttpServletRequest goes with it.

E. If an object is added using HttpSession.setAttribute, the object must be Serializable in order to be migrated from one server to the other.

F. If an object is added using HttpSession.setAttribute, and the object's class has implemented Serializable.readObject and Serializable.writeObject, and the session is migrated, the container will invoke these readObject and writeObject methods.
  -Option F: these calls aren't guaranteed

G. If a session attribute implements HttpSessionActivationListener, the container's only requirement is to notify listeners once the session has been activated on the new server.
  -Option G: the Container ... passivation notice
A Java EE deployment descriptor declares several filters whose URLs match a given request, and also declares several filters whose <servlet-name> tags match the same request.

What statements are true about the rules that the container uses to invoke the filter(s) for that request? (Choose all that apply.)

A. Only the <servlet-name> matched filters will be invoked.

B. Of the URL matched filters, only the first will be invoked.

C. Of the <servlet-name> matched filters, only the first will be invoked.

D. The <servlet-name> matched filters will be invoked before the URL matched filters.

E. All of the URL matched filters will be invoked, but the order of invocation is undefined.

F. All of the URL matched filters will be invoked, in the order in which they appear in the DD.

First the container will invoke all of the URL matched filters, in DD declaration order, then the <servlet-name> matched filters will be invoked, also in DD declared order.


When comparing servlet initialization parameters to context initialization parameters, which are true for both? (Choose all that apply.)

☑ A. In their respective DD tags, they both have a <param-name> and a <param-value> tag.

□ B. Their respective DD tags are both placed directly under the <web-app> tag.
-Option B: only the <context-param> tag is placed directly under the <web-app> tag.

☑ C. Their respective methods used to retrieve initialization parameter values are both called getInitParameter.

□ D. Both can be directly accessed from a JSP.
-Option D: only context params can be accessed from JSPs.

□ E. Only changes to context initialization parameters in the DD can be accessed without redeploying the web application.
-Option E: in no case are changes to the DD dynamically accessible.

A JSP developer wants to include the contents of the file copyright.jsp into all primary JSP pages.

Which mechanisms can do this? (Choose all that apply.)

☑ A. <jsp:directive.include file="copyright.jsp" />
-Option A is correct because this syntax is appropriate for JSP Documents.

☑ B. <%@ include file="copyright.jsp" %>
-Option B is correct because this syntax is appropriate for JSP pages.

□ C. <%@ page include="copyright.jsp" %>
-Option C is incorrect because you cannot use the page directive to import content.

☑ D. <jsp:include page="copyright.jsp" />

□ E. <jsp:insert file="copyright.jsp" />
-Option E: this standard action does not exist.
You are developing an application to manage customer accounts for a company that offers phone, cable, and Internet services. Many of the pages contain a search functionality. The search box should look the same on every page, but some of the pages should limit the search to only phone, cable, or Internet accounts.

Given a separate JSP named Search.jsp:

    <form action="/search.go">
      Find ${param.accountType} Account:
      <input type="text" name="searchText"/>
      <input type="hidden" name="accountType"
             value="${param.accountType}"/>
      <input type="submit" value="Search"/>
    </form>

What tag should you use in a JSP that needs to search for cable accounts?

□ A. <jsp:include page="Search.jsp" accountType="Cable"/>
-Option A: <jsp:include> doesn't have an attribute called accountType.

☑ B. <jsp:include page="Search.jsp">
       <jsp:param name="accountType" value="Cable"/>
     </jsp:include>
-Option B: ${param.accountType} is a request parameter passed with <jsp:param>.

□ C. <jsp:include file="Search.jsp" accountType="Cable"/>

□ D. <jsp:include file="Search.jsp">
       <jsp:attribute name="accountType" value="Cable"/>
     </jsp:include>
-Options C and D: <jsp:include> does not have a file attribute. The file attribute is used in include directives.


63. While testing how various tags and scriptlets work, a developer creates the following JSP:

    <% request.setAttribute("name", "World"); %>
    <!-- Test -->
    <c:out value='Hello, ${name}'/>

Much to the developer's surprise, the browser doesn't display anything at all when her JSP is retrieved. If the developer views the HTML source of the page, what will she find in the output?

□ A. <!-- Test -->

□ B. <!-- Test -->
     <c:out value='Hello, ${name}'/>

☑ C. <!-- Test -->
     <c:out value='Hello, World'/>

□ D. No output

-Option C: the EL gets evaluated, but the JSP will not recognize the <c:out> tag and treat it as template text because the taglib was not declared in the JSP.
64. A dating services application asks its single users a series of questions. A session scoped attribute called compatibilityProfile of type HashMap already exists, into which each submitted question ID and answer pair are stored.

Given:

    <% ((java.util.HashMap)request.getSession().getAttribute("compatibilityProfile")).put(
           request.getParameter("questionIdSubmitted"),
           request.getParameter("answerSubmitted"));
    %>

How can this be replaced without using scriptlets? (Choose all that apply.)

□ A. <c:map target="${compatibilityProfile}"
            key="${param.questionIdSubmitted}"
            value="${param.answerSubmitted}"/>
-Option A: <c:map> is not a real tag.

□ B. <jsp:useBean id="compatibilityProfile" class="java.util.HashMap" scope="session">
       <jsp:setProperty name="compatibilityProfile"
                        property="${param.questionIdSubmitted}"
                        value="${param.answerSubmitted}"/>
     </jsp:useBean>
-Option B: <jsp:useBean> only works with beans, not maps.

□ C. ${compatibilityProfile[param.questionIdSubmitted] = param.answerSubmitted}
-Option C: EL cannot assign a value to an object.

☑ D. <c:set target="${compatibilityProfile}"
            property="${param.questionIdSubmitted}"
            value="${param.answerSubmitted}"/>
-Option D: <c:set> can be used.
A programmer is creating a filter for a Java EE web application. Given the following code:

    public class MyFilter implements Filter {
        public void init(FilterConfig config) throws FilterException
        { }

        public void doFilter(HttpServletRequest request,
                             HttpServletResponse response,
                             FilterChain chain)
            throws IOException, ServletException { }

    }

What change(s) are necessary to create a valid filter? (Choose all that apply.)

□ A. No changes are necessary.

☑ B. A destroy() method must be added.

☑ C. The doFilter() method's body must be changed.
-Option C: if nothing else, doFilter() must invoke chain.doFilter().

☑ D. The init() method's signature must be changed.
-Option D: init() throws a ServletException.

☑ E. The doFilter() method's arguments must be changed.
-Option E: doFilter() takes a ServletRequest and a ServletResponse.

□ F. The doFilter() method's exceptions must be changed.

JSP v2.0 section 5.5

66. Your company wants to include a splash page, SplashAd.jsp, to advertise other company offerings to users as they first enter the site. On this new page users will be given the option to click a checkbox on the ad page that says "Do not show me this offer again" and click a submit button that says "Continue to My Account". If the user submits this form with the checkbox checked, the receiving Servlet sets a Cookie with the name of "skipSplashAd" to the user's browser and then passes control back to the main JSP.

The main JSP will be responsible for forwarding the request to the splash page. What snippet can be added to the top of the main page to send the user to the splash page if they have not yet selected the checkbox to avoid the ad offer?

☑ A. <c:if test="${empty cookie.skipSplashAd and pageContext.session.new}">
       <jsp:forward page="SplashAd.jsp"/>
     </c:if>
-Option A: Correct. The forward only occurs when the cookie has not been set. Be aware that users with cookies disabled will never get to skip the ad with this solution.

□ B. <jsp:forward page="SplashAd.jsp" flush="${empty cookie.skipSplashAd}"/>

□ C. <jsp:redirect page="SplashAd.jsp"/>

□ D. <jsp:redirect file="SplashAd.jsp"/>
-Options C and D: there is no <jsp:redirect> tag.

□ E. <% if(cookie.get("skipSplashAd") == null && session.isNew()) { %>
       <jsp:forward page="SplashAd.jsp"/>
     <% } %>
-Option E is invalid: cookie is an implicit object in EL, but not in scriptlets.
A programmer wants to implement a ServletContextListener. Given the following DD fragment:

    <!-- insert tag1 here -->
      <param-name>myParam</param-name>
      <param-value>myValue</param-value>
    <!-- close tag1 here -->
    <listener>
      <!-- insert tag2 here -->
        com.wickedlysmart.MySCListener
      <!-- close tag2 here -->
    </listener>

And this listener class pseudo-code:

    // packages and imports here
    public class MySCListener implements ServletContextListener {
        // method 1 here
        // shutdown related method here
    }

Which are true? (Choose all that apply.)

□ A. The DD fragment cannot be valid.
☑ B. tag1 should be <context-param>
□ C. tag1 should be <servlet-param>
☑ D. tag2 should be <listener-class>
□ E. tag2 should be <servlet-context-class>
□ F. method 1 should be initializeListener
☑ G. method 1 should be contextInitialized

Sometimes you just have to memorize some stuff.
The wickedlysmart website has a validly deployed Java EE web application and Deployment Descriptor that contains the following:

    <welcome-file-list>
      <welcome-file>welcome.html</welcome-file>
      <welcome-file>howdy.html</welcome-file>
      <welcome-file>index.html</welcome-file>
    </welcome-file-list>

A portion of the web app's directory structure looks like this:

    MyWebApp
     |-- index.html
     |-- welcome
     |    |-- welcome.html
     |-- foobar
          |-- howdy.html

If the application receives the following two requests:

    http://www.wickedlysmart.com/MyWebApp/foobar
    http://www.wickedlysmart.com/MyWebApp

Which set of responses will be served?

□ A. howdy.html then a 404
□ B. index.html then a 404
□ C. welcome.html then a 404
☑ D. howdy.html then index.html
□ E. index.html then index.html
□ F. howdy.html then welcome.html
□ G. welcome.html then index.html

-Option D: if the DD doesn't map a servlet to the request, the Container will look for the first file in the welcome list that matches a file in the requested directory.
Your web application has a valid DD with a single <security-constraint> tag. Within this tag exists:

- a single http method that declares GET

All of the resources in your application exist within directory1 and directory2 and the only defined roles are BEGINNER and EXPERT.

If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s) you should declare? (Choose all that apply.)

□ A. A single url tag should declare directory1 and a single role tag should declare EXPERT

☑ B. A single url tag should declare directory2 and a single role tag should declare EXPERT

□ C. A single url tag should declare directory1 and a single role tag should declare BEGINNER

□ D. A single url tag should declare directory2 and a single role tag should declare BEGINNER

□ E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER

□ F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role tag should declare BEGINNER

Remember - in the DD you're always declaring constraints.
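
The constraint this question describes, written out as a DD fragment. This is an added example, not taken from the book: the resource name Directory2Resources and the /directory2/* URL pattern are assumptions, and the second variant is an addition showing that leaving out <http-method> makes the constraint cover every HTTP method rather than GET alone.

```xml
<!-- Added example: constructed DD fragment, not taken from the book.
     Assumed names: Directory2Resources, /directory2/* -->

<!-- Variant 1: the constraint as the question describes it.
     Only GET is listed, so only GET requests for /directory2/* are
     limited to EXPERT. Other HTTP methods on the same URLs are not
     covered by this constraint. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Directory2Resources</web-resource-name>
    <url-pattern>/directory2/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>EXPERT</role-name>
  </auth-constraint>
</security-constraint>

<!-- Variant 2 (use instead of variant 1, not alongside it):
     no <http-method> element, so the constraint applies to every
     HTTP method on /directory2/*. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Directory2Resources</web-resource-name>
    <url-pattern>/directory2/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>EXPERT</role-name>
  </auth-constraint>
</security-constraint>

<!-- Both roles from the question are declared. BEGINNER is restricted
     simply by being absent from the <auth-constraint> above. -->
<security-role>
  <role-name>BEGINNER</role-name>
</security-role>
<security-role>
  <role-name>EXPERT</role-name>
</security-role>
```

When reviewing a DD, check every <security-constraint> that lists <http-method> elements and confirm that the unlisted methods are meant to stay unconstrained.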